Security Solutions Issue 115 Out Now!
BeyondTrust 10th Annual Microsoft Vulnerabilities Report Finds Elevation of Privilege Remains #1 Microsoft Vulnerability Category
- Elevation of Privilege is the top vulnerability category for the third year running, accounting for 55% of all Microsoft vulnerabilities in 2022
- Total Microsoft vulnerabilities rose to 1,292, hitting an all-time high since the report began 10 years ago
BeyondTrust, the worldwide leader in intelligent identity and access security, today announced the release of the 2023 Microsoft Vulnerabilities Report. This report is the 10th anniversary edition and covers a decade of vulnerability insights, providing valuable information to help organisations see into the past, present, and future of the Microsoft vulnerability landscape. Produced annually by BeyondTrust, the Microsoft Vulnerabilities Report analyses data from security bulletins publicly issued by Microsoft throughout the previous year.
Comprehensive report breaks down CVEs and key shifts
This report dissects the 2022 Microsoft vulnerabilities data, highlighting key shifts and trends since the inaugural report. The report spotlights some of the most significant CVEs of 2022, and breaks down how they are exploited by attackers and ways they can be prevented or mitigated.
Microsoft groups product vulnerabilities into the following categories: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Tampering, Information Disclosure, Denial of Service, and Spoofing. Once again, Elevation of Privilege was the leading vulnerability category in 2022.
Highlights and key findings:
In 2022, total Microsoft vulnerabilities rose to 1,292, hitting an all-time high since the report began 10 years ago. It’s not just the number of vulnerabilities that should be of concern, but also the unique threat and impact posed by individual vulnerabilities.
- Elevation of Privilege is the #1 vulnerability category for the third year running, accounting for 55% (715) of the total Microsoft vulnerabilities in 2022.
- Microsoft Azure and Dynamics 365 generate the biggest financial gains for Microsoft, as well as the biggest gain in number of vulnerabilities.
- In 2022, 6.9% of Microsoft’s vulnerabilities were rated as ‘critical,’ while in 2013, 44% of all Microsoft vulnerabilities were classified as ‘critical.’
- Azure and Dynamics 365 vulnerabilities skyrocketed by 159%, from 44 in 2021 to 114 in 2022.
- Microsoft Edge experienced 311 vulnerabilities last year, but none were critical.
- There were 513 Windows Vulnerabilities, 49 of which were critical.
- Microsoft Office experienced a five-year low of just 36 vulnerabilities.
- Windows Server vulnerabilities rose slightly to 552.
Within the report, a panel of some of the world’s leading cybersecurity experts weigh in on the report findings. They provide insights as we look forward to how the next decade in cyber threats, vulnerabilities, and defenses may unfold.
“Microsoft has a high volume of vulnerabilities that we have seen increase over the last 10 years of our research,” said James Maude, Lead Security Researcher at BeyondTrust. “This report outlines many of the risks, and highlights the importance of timely patching alongside the removal of excessive administrative rights to mitigate the risks.”
The past 10 years have seen the number of Microsoft vulnerabilities increase across all categories, with Elevation of Privilege vulnerabilities climbing 650%. Over that time, new Microsoft products have driven the overall increase in vulnerabilities, with Azure and Dynamics 365 vulnerabilities climbing by 159% (largely due to one product, Azure Site Recovery Suite) this past year alone.
If there’s one beacon of light shining across the past 10 years of vulnerabilities, it’s the fact that the fundamental ways to mitigate those risks have remained constant for well over a decade. Least privilege enforcement has proven to be just as relevant to the cloud systems and IoT devices of today as it did to the legacy systems, some of which are still operational. Protecting endpoints with products like BeyondTrust’s Endpoint Privilege Management solutions can enable organisations to quickly achieve least privilege, while striking the right balance between security and productivity.
Somerville Partners with Mimecast to Accelerate Delivery of Best-in-Class Cybersecurity Solutions
Somerville, one of the most experienced end-to-end technology service providers in Australia, today announced that it has been appointed as a partner by Mimecast, an email and collaboration security company.
As a Mimecast Partner, Somerville will now have access to the entire range of Mimecast cybersecurity services for email, web and data, and will work closely with the vendor to help organisations protect their people, data, and communications.
In addition, with Mimecast being a leading provider of cybersecurity to organisations using Microsoft 365, Somerville also now has a market opportunity to further grow in the enterprise market with services designed to complement and extend the core capabilities of Microsoft Exchange and Office 365.
As Craig Somerville, CEO, Somerville, explains, “The threat landscape continues to evolve, and organisations are looking to their IT partner for support in a world where the vast majority of attacks are mounted via email and businesses are relying on individuals opening and dealing with rogue messages. Just a single click can result in a widespread infection that causes problems for hundreds or even thousands of users. As a result, we’re excited that Somerville’s customers will now be able to access Mimecast’s suite of advanced security solutions.”
Mimecast’s security solutions are a perfect complement to Somerville’s capacity to deliver the security, scale, availability, resilience, and efficiency that organisations require to protect them from malicious activity, human error and potential technology failure. Somerville’s portfolio of cybersecurity vendors include Check Point Software Technologies, Sophos, Microsoft, CrowdStrike and Devicie among others, some of which integrate with Mimecast.
“Somerville is serious about providing resilient security services so we take a multilayered, integrated approach that encompasses all the potential threats to client networks,” says Craig Somerville. “With Mimecast, we’ll now be working with a channel-first company and deploying its forward-thinking solutions which are able to provide solid protection and effective security services.”
Mimecast’s annual survey of global IT and cybersecurity professionals for ‘The State of Email Security Report 2023’ revealed that email usage continues to rise at 85% of Australian companies, with 70% having experienced an increase in email-based threats and 96% having been targeted by email-based phishing attacks.
“The Mimecast channel program is set up to provide profitable outcomes for partners who provide end to end security solutions to their customers and include Mimecast’s leading technologies in their offerings. We are thrilled that Somerville is expanding its commitment to offer best-of-breed security solutions to their customers, by partnering with Mimecast. We look forward to driving our joint value proposition to customers in the market and empowering organisations to secure their workplace environment wherever work happens,” says Craig McGregor, senior channel director, Mimecast APAC.
Ping Identity Launches New Decentralised Identity Management Solution
Ping Identity, the intelligent identity solution for the enterprise, announced early access to PingOne Neo™, a multi-standards decentralised identity management solution. Neo improves data security, privacy, and control for individuals while reducing resource and compliance burdens for enterprises.
Many digital services require verified information about people to do business. Neo simplifies getting verified information from a trusted source via verifiable credentials, whether that source is inside or outside of the organisation. Organisations can now verify without complex, expensive back-end integrations that increase each organisation’s attack surface. Neo reduces the possibility of identity theft for individuals and improves security for organisations by instantly establishing trust with individuals based on their digital credentials.
“Organisations spend significant time and money obtaining and verifying information from customers and employees, then attempt to determine access, entitlements, and authorisations to remain secure and compliant,” said Andre Durand, CEO and founder of Ping Identity. “Neo eliminates the manual resource burden from businesses while empowering individuals with their own data, reducing threats of fraud or identity theft while increasing privacy.”
Decentralised identity reduces the possibility of transaction fraud and account takeovers by helping ensure the person behind the credential is who they claim. With Neo, a person requests a verifiable credential from an organisation that is cryptographically signed and verifiable. The verifiable credential is then added to the person’s digital wallet and can be shared with the business that requires it. The individual is in complete control of what information gets shared.
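The issue, hold and present flow described above, as an added illustration that is not PingOne Neo’s code nor any particular W3C data model: an issuer signs a credential with Ed25519, the holder’s wallet keeps it, and the holder reveals only one claim to a verifier, who checks the issuer’s signature and then checks the revealed claim against it. The salted-digest scheme used for selective disclosure, the claim names and values, and the in-memory key handling are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Disclosure is one claim plus the random salt that blinds its digest,
// so an unrevealed claim cannot be guessed from the signed digest list.
type Disclosure struct {
	Name, Value string
	Salt        []byte
}

// Credential is what the issuer hands to the holder's wallet.
type Credential struct {
	Digests   []string     // sorted hex sha256(salt || name || 0 || value)
	Signature []byte       // issuer's Ed25519 signature over the digest list
	Claims    []Disclosure // stays in the wallet; never sent as a whole
}

// Presentation is what the holder shows a verifier: the signed digest list
// and only the claims the holder chose to reveal.
type Presentation struct {
	Digests   []string
	Signature []byte
	Revealed  []Disclosure
}

func digest(d Disclosure) string {
	h := sha256.New()
	h.Write(d.Salt)
	h.Write([]byte(d.Name))
	h.Write([]byte{0}) // separator so "ab"+"c" and "a"+"bc" differ
	h.Write([]byte(d.Value))
	return hex.EncodeToString(h.Sum(nil))
}

func signingInput(digests []string) []byte {
	h := sha256.New()
	for _, d := range digests {
		h.Write([]byte(d + "\n"))
	}
	return h.Sum(nil)
}

// Issue is the issuer's side: salt and hash every claim, sort the digests
// so their order reveals nothing, and sign the list.
func Issue(issuer ed25519.PrivateKey, claims map[string]string) (Credential, error) {
	var cred Credential
	for name, value := range claims {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return Credential{}, err
		}
		d := Disclosure{Name: name, Value: value, Salt: salt}
		cred.Claims = append(cred.Claims, d)
		cred.Digests = append(cred.Digests, digest(d))
	}
	sort.Strings(cred.Digests)
	cred.Signature = ed25519.Sign(issuer, signingInput(cred.Digests))
	return cred, nil
}

// Present is the holder's side: reveal only the named claims.
func (c Credential) Present(reveal ...string) Presentation {
	p := Presentation{Digests: c.Digests, Signature: c.Signature}
	for _, d := range c.Claims {
		for _, name := range reveal {
			if d.Name == name {
				p.Revealed = append(p.Revealed, d)
			}
		}
	}
	return p
}

// Verify is the verifier's side: check the trusted issuer's signature over
// the digest list, then check each revealed claim against that list.
func Verify(issuerPub ed25519.PublicKey, p Presentation) (map[string]string, error) {
	if !ed25519.Verify(issuerPub, signingInput(p.Digests), p.Signature) {
		return nil, errors.New("issuer signature does not verify")
	}
	signed := make(map[string]bool, len(p.Digests))
	for _, d := range p.Digests {
		signed[d] = true
	}
	out := make(map[string]string, len(p.Revealed))
	for _, d := range p.Revealed {
		if !signed[digest(d)] {
			return nil, fmt.Errorf("claim %q was not issued or has been altered", d.Name)
		}
		out[d.Name] = d.Value
	}
	return out, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed claims for the example; a real issuer would verify them first.
	cred, _ := Issue(priv, map[string]string{"name": "A. Example", "over18": "true", "address": "1 Example St"})
	claims, err := Verify(pub, cred.Present("over18")) // name and address stay in the wallet
	fmt.Println(claims, err)
}
```

The verifier never sees the unrevealed claims or their salts, only their digests, and it needs no connection to the issuer beyond already holding the issuer’s public key, which is the “no complex back-end integration” property the announcement describes. A real deployment would also bind the presentation to the holder (a holder key and a verifier nonce) and carry issuer identity and expiry inside the signed data.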
PingOne Neo is a component of an open and interoperable platform that supports popular decentralised and other identity standards from the World Wide Web Consortium (W3C), the OpenID Foundation, and the International Organization for Standardization (ISO). Ping Identity is also a key contributor to the Open Wallet Foundation Initiative (OWF), which supports interoperability between digital wallets through open-source software.
Get Early Access to PingOne Neo and explore more benefits in the solutions brief or datasheet.
Learn more at www.pingidentity.com.
Why terabit DDoS attacks need state-of-the-art terabit DDoS mitigation
In recent years, distributed denial of service (DDoS) attacks have become more frequent and sophisticated. Attackers continue to find new ways to flood target networks with massive-scale attacks that have grown exponentially and crossed the terabit attack rate.
Radware executive Itay Raviv suggests this has become a major concern for enterprises and carriers worldwide, as the impact of these hyper volumetric DDoS attacks can be devastating. They cause extended downtime, financial losses and reputational damage.
That’s why it’s critically important that organisations are prepared to detect and mitigate these vicious attacks and why deploying the right type of mitigation platform is so important.
The Terabit DDoS attack era is here to stay. One of the emerging trends of DDoS attacks is hyper volumetric floods. These attacks generate traffic of more than a staggering 1Tbps (terabits per second).
A significant threat to organisations, terabit DDoS attacks can quickly overwhelm a network infrastructure and disrupt critical services.
Some of the largest recorded volumetric attacks include:
- Google Services was targeted with a volumetric attack of 2.54Tbps.
- Amazon AWS Infrastructure was targeted with a 2.3Tbps attack.
- Microsoft Azure reported three terabit attacks: one of 3.47Tbps and two others that were more than 2.5Tbps.
In May 2021, Radware successfully mitigated a hyper volumetric DDoS attack that peaked at almost 1.5Tbps. This volumetric carpet-bombing attack against the targeted subnet lasted for 36 hours. It had a sustained throughput of over 700Gbps for more than eight hours.
The total volume generated by this attack was 2.9Pbps, which was one-and-a-half times the information contained in all U.S. academic research libraries. And it was all successfully blocked.
Terabit volumetric floods are here to stay, and a proper mitigation device is a must for organisations to protect themselves.
Nielsen’s Law of Internet Bandwidth states that a user’s bandwidth grows 50% each year. It has held true for the past 40 years, from 1983 to 2023. This, along with 5G and 6G networks on the horizon, shows that demand for bandwidth and speed is enormous. Rest assured this won’t slow down any time soon.
To support this increasing demand, data centres, carriers, service providers and cloud platforms must keep up with the vast amounts of data. They have already adopted the latest network technology that has introduced 400G network infrastructure for high bandwidth and faster data transmission speeds.
What’s needed is a DDoS mitigation platform that supports these high throughput rates. To keep up with the demanded throughput, it needs 400G data ports and the capacity to sustain detection and mitigation at that rate.
So how can organisations protect themselves against Terabit DDoS attacks? The answer lies in implementing a scalable and robust state-of-the-art DDoS mitigation solution with protection level tiers. The solution should include:
- Multi-layered protection: A multi-layered approach is crucial in mitigating Terabit DDoS attacks. This involves deploying a combination of the right network infrastructure, a mitigation appliance that can handle ultra-high-end rates and cloud-based solutions to ensure a diverse range of defences.
- Traffic scrubbing: This involves filtering malicious traffic out from legitimate traffic, enabling a network to remain online during an attack. A dedicated and robust DDoS mitigation hardware platform is great for combating Terabit DDoS attacks, but it isn’t enough on its own. On the software side, a behavioural DDoS countermeasure approach is needed to make sure attacks are quickly detected and traffic is automatically filtered, letting legitimate traffic in while keeping attack traffic out.
- High port density, scale and performance: To handle huge amounts of traffic, whether during peacetime or while under attack, the mitigation platform hardware and software must be capable of handling high volumetric rates; very few can accomplish this.
Picking the right platform is key. Whether the detection and mitigation platform is deployed inline or out-of-path, the right choice ensures a sustainable, clean and DDoS-free environment for customers.
To protect large network infrastructures, such as carriers, Tier-1 service providers and large enterprises, the mitigation platform must support high port density to inspect incoming traffic, remove threats and pass legitimate traffic to the protected network without creating a bottleneck.
It should include several 100G data ports, and, if possible, 400G data ports. This will enable it to accommodate large network infrastructures.
Having high visibility and simplified management are crucial aspects of a DDoS mitigation platform. High visibility of the network and packet flow ensures that network administrators have clear and concise information, whether during peacetime or during an attack.
Information should include the attack’s origin, the type of attack and the impact on the network. This information is vital in helping administrators make informed decisions on how to best mitigate the attack and reduce damages.
Additionally, simplified management makes it easier for administrators to efficiently configure and manage the DDoS mitigation platform. This is particularly important in high-pressure situations where time is of the essence; the faster mitigation is implemented, the better.
Having the right management solution to provide visibility and control over high-end mitigation platforms is critical. The right high-end mitigation platform, along with a great management and analytics system, ensures organisations can protect their networks effectively and efficiently from Terabit DDoS attacks.
Doing so will minimise disruptions to operations and ensure systems and customers remain up and running and are secure.
Why Choosing the Right NDR Tool Can Improve Infrastructure Visibility
Constantly on the hunt for better ways to keep their organisation’s IT infrastructure secure, growing numbers of security teams are making use of network detection and response (NDR) tools.
The trend is being driven by a number of factors. For example, many security teams believe they lack visibility of their entire infrastructure and are therefore vulnerable to attack. Others feel they are being overwhelmed by alerts and are often unable to spot real issues among the large number of false positives.
Senior management teams are also paying increasing attention to the value that can be delivered by NDR tools. Managers are concerned that the cyber-insurance cover they have in place will be insufficient to allow their organisation to recover from an attack or will simply become too expensive to maintain in the future.
The role of NDR
Once deployed, an NDR tool becomes a third element within an organisation’s security platform. It complements Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) capabilities.
Together, these elements provide overlapping fields of visibility and give security teams the ability to achieve what is known as ‘defence in depth’ across their entire infrastructure.
A key benefit of NDR is that it can be used as a passive method of monitoring network traffic and identifying malicious activity. This effectively makes it invisible to attackers and allows the security team to monitor their movements without their knowledge.
Overcoming challenges
It’s common knowledge that many security teams are feeling increasingly stretched and needing to do more with limited resources. NDR can help to overcome this challenge by removing some of the monitoring workload and presenting teams with just the alerts they need to examine in depth.
NDR also helps to overcome challenges that arise as organisations increase their usage of cloud platforms. With the additional complexity that this brings for IT infrastructures, having full visibility of all activity at all times is vital.
It’s incorrect to assume that the security of a cloud platform is the responsibility of the cloud provider. While the provider does take care of security when it comes to the infrastructure, the security of deployments running on that infrastructure is the responsibility of the using organisation.
NDR’s importance is also growing alongside the sheer volume of data traffic within many organisations. Spotting the signs of an intruder amid massive amounts of legitimate data is increasingly challenging.
Choosing an NDR platform
Once the decision is taken to deploy NDR within an infrastructure, there are four key features that should be offered by the chosen tool. They are:
- Forensic visibility: The NDR tool should be able to identify anomalous activity across various protocols, platforms, and geographic locations. It should be able to proactively prioritise threat hunting and therefore increase the productivity of the security team.
- Advanced analytics: NDR tools should also make use of sophisticated machine learning that draws on both deterministic and non-deterministic detection techniques. This will ensure higher-fidelity alarms across the network.
- Network monitoring: Effective tools should also be able to deliver a comprehensive view into all enterprise devices. They should monitor and analyse all traffic flows in real time. As well as traffic that enters and exits the environment the tool should also watch traffic that moves laterally across the network.
- Flexible architecture: A fourth important feature is flexibility. The architecture should be able to fit into an organisation’s existing environment without the need for widespread changes.
By taking the time to rigorously evaluate and test NDR tools prior to deployment, an organisation can be confident it is selecting the one that will best meet its needs. Visibility of the entire IT infrastructure will be enhanced and the ability to spot threats before they cause disruption or loss will be greatly improved.
Gigamon exec cautions on vulnerabilities in network and port spoofing
Cloud security evangelist at Gigamon, Stephen Goudreault, advises that as with all technology, new tools are iterations built on what came before, and classic network logging and metrics are no different.
He says that tooling, instrumenting and monitoring of network traffic are virtually unchanged across the private cloud and on-premises. Many of the logs and metrics in use today are nearly two decades old and were originally designed to solve for billing, among other problems.
“Visibility into traffic flow patterns was an added bonus. Traffic logging just happens to be the use case that has endured,” says Goudreault. “However, this reliance on established methods has left some vulnerabilities in network and port spoofing.”
But what is port spoofing and why is it important?
As with application and data visibility on the network, many rules and RFCs now in use were written over a decade ago and describe how something ‘should’ work, although there are no real rules enforcing that.
This provides a lot of flexibility for possible deployments that are rarely used. When an application or service is misconfigured or if a bad actor wants to evade detection, even the slightest changes to standard ports can hamper most current visibility and detection schemes.
Port spoofing is a known technique, and MITRE ATT&CK has a whole category dedicated to this kind of evasion.
One of the most common and versatile examples of evading visibility is using Secure Shell (SSH) protocol on non-standard ports. SSH is usually assigned to port 22.
Security tools assume SSH traffic will use port 22, and nearly every security team in the world keeps that port tightly locked down. Common practice is to block this port at the perimeter and call things secure. Easy, right?
Not so fast. What if a bad actor changed the default port on their SSH traffic? Port 443 is widely used for HTTPS/TLS and is nearly always kept open.
HTTPS traffic is ubiquitous in the modern enterprise, for both business critical and personal activities. IT firewalls are not going to routinely block port 443/HTTPS, thus making it an ideal point of entry for attackers.
Changing SSH to operate on 443 is a simple task. There are many forums that provide detailed instructions on legitimate and illegitimate reasons to do this. Almost all modern cloud visibility tools will report the traffic as what it appears to be, not what it actually is.
Even workloads in the cloud can misidentify their own connections. An active SSH session can be misreported as TLS because the Linux OS assumes the type of connection based only on the port.
The network gets it wrong, and the operating system’s tools get it wrong as well by reporting this traffic as a known known.
Nearly all traffic is assessed by its TCP and UDP ports today. This leads to many assumptions as to the nature of the traffic. This is true in the public cloud, in private cloud, and on-prem.
In today’s ever more security-conscious world, making assumptions about the nature of traffic isn’t as safe as it once was. SSH is a very powerful tool that threat actors can use for file transfers, tunnelling, and lateral movement across any network.
This is just one example of how a single tool can have many uses. Factor in other applications and protocols, and the realisation of how much can’t be seen becomes daunting. MITRE has its own category for port spoofing, and the trend is only growing.
East-West traffic requires deep observability too. Next-generation firewalls (NGFWs) have solved this problem on-premises at perimeter points. The public cloud, however, is a different story, and this problem has yet to be solved at scale for East-West, or lateral, traffic.
VPC flow logs only record the conversations that took place along with the port number, without really knowing what application or protocol was in use. Deep observability with deep packet inspection investigates the conversation and can properly identify the applications and protocols in use.
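The port-versus-payload mismatch described above, as an added example that is not Gigamon’s code: a minimal classifier that labels each flow once by destination port, the way a consumer of flow logs would, and once by the first payload bytes, then reports the flows where the two views disagree. The flow records, IP addresses and the handful of protocol fingerprints are constructed for the example; a production deep packet inspection engine would parse the protocols fully rather than match a few leading bytes.

```go
package main

import (
	"bytes"
	"fmt"
)

// Flow is a constructed stand-in for one observed TCP conversation: the
// destination port (all a flow log records) and the first client bytes
// (what deep packet inspection can see).
type Flow struct {
	Src, Dst string
	DstPort  uint16
	Payload  []byte
}

// Finding records a flow whose port-implied protocol and real protocol differ.
type Finding struct {
	Flow     Flow
	Expected string // protocol the port suggests
	Observed string // protocol the payload shows
}

// ByPort mirrors the assumption the article describes: port 22 is SSH,
// port 443 is TLS, and nothing else is checked.
func ByPort(port uint16) string {
	switch port {
	case 22:
		return "ssh"
	case 443:
		return "tls"
	case 80:
		return "http"
	}
	return "unknown"
}

// ByContent looks at the payload instead. The patterns are the fingerprints
// a DPI engine would start from, not a full parser of either protocol.
func ByContent(p []byte) string {
	switch {
	case bytes.HasPrefix(p, []byte("SSH-")):
		// RFC 4253 identification string, e.g. "SSH-2.0-OpenSSH_9.3"
		return "ssh"
	case len(p) >= 6 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01:
		// TLS record: content type handshake (0x16), major version 3,
		// first handshake message ClientHello (0x01)
		return "tls"
	case bytes.HasPrefix(p, []byte("GET ")) || bytes.HasPrefix(p, []byte("POST ")):
		return "http"
	}
	return "unknown"
}

// Inspect compares both views and reports every disagreement. A flow whose
// content is still unknown is not reported: an absent fingerprint is not
// evidence of spoofing, only of a protocol this toy classifier lacks.
func Inspect(flows []Flow) []Finding {
	var out []Finding
	for _, f := range flows {
		want, got := ByPort(f.DstPort), ByContent(f.Payload)
		if got != "unknown" && got != want {
			out = append(out, Finding{Flow: f, Expected: want, Observed: got})
		}
	}
	return out
}

// SampleFlows is constructed traffic: an ordinary TLS handshake on 443, an
// SSH session on its usual port, and an SSH session carried on 443.
func SampleFlows() []Flow {
	clientHello := []byte{0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4, 0x03, 0x03}
	banner := []byte("SSH-2.0-OpenSSH_9.3\r\n")
	return []Flow{
		{Src: "10.0.1.5", Dst: "10.0.2.9", DstPort: 443, Payload: clientHello},
		{Src: "10.0.1.5", Dst: "10.0.2.7", DstPort: 22, Payload: banner},
		{Src: "10.0.1.8", Dst: "10.0.2.9", DstPort: 443, Payload: banner},
	}
}

func main() {
	for _, f := range Inspect(SampleFlows()) {
		fmt.Printf("%s -> %s:%d looks like %s but carries %s\n",
			f.Flow.Src, f.Flow.Dst, f.Flow.DstPort, f.Expected, f.Observed)
	}
}
```

Run against the constructed flows, only the third one is reported: port 443 says TLS, the payload says SSH. That single comparison is the whole value of the content-based view; the port-based view alone would have filed the same flow under web traffic, which is exactly the blind spot the article describes.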
My company calls this application intelligence, which currently identifies more than 5,000 applications, protocols, and attributes in network traffic inspection.
Application metadata intelligence doesn’t just look at outer headers; it also looks deeper into the packet. We look deep into the unique characteristics of the packet that define a given application. This is called deep observability.
If an attacker is connecting via SSH from workload A to workload B in the same subnet, my company’s deep observability pipeline, using application intelligence, sees the traffic for what it really is and reports it to the security tools.
In this case, we can alert tech that there is SSH traffic masquerading as web traffic on port 443. This depth of observability can be easily spanned East and West across your entire enterprise including the public cloud and container-to-container communications.
In the public cloud, deep packet inspection has a unique set of challenges. There is no broadcast, and to inspect traffic there either needs to be a security VPC to funnel traffic through or traffic mirroring.
The second and less complicated option is to mirror the traffic to appropriate tools. Gigamon solves for this second solution. The benefits include less deployment complexity and operational friction without impairing performance as an inline inspection path would.
The known knowns are that developers will continue to run fast, DevOps will inadvertently deploy unknown or misconfigured applications, and threat actors will continually seek to exploit these vulnerabilities to create blind spots.
SecOps will try to verify rules and protections, which can only really be accomplished with deep observability with network-derived intelligence and insights.
If an organisation can’t detect a simple use case of SSH on a non-standard port, what other known unknowns could be lurking in its hybrid cloud infrastructure?
Microsoft Outlook zero-day has been live for nearly a year – Mandiant
As has been reported worldwide recently, Microsoft has disclosed a zero-day (CVE-2023-23397) in its Outlook email and communications client.
Mandiant research has linked the zero-day to Russian threat actor APT28.
CVE-2023-23397 is a vulnerability in the Outlook client that requires no user interaction and for which proof of concept exploits are now widely available. Mandiant Threat Intelligence considers this a high-risk vulnerability due to the possibility of privilege escalation with no user interaction or privileges required for exploitation. Following exploitation an attacker could authenticate to multiple services and move laterally. Exploitation of the zero-day is trivial and it will likely be leveraged imminently by actors for espionage purposes or financial gain.
Mandiant believes the zero-day has been used for almost a year to target organisations and critical infrastructure. These targets could facilitate strategic intelligence collection as well as disruptive and destructive attacks inside and outside of Ukraine.
Mandiant has created UNC4697 to track early exploitation of the zero-day. The vulnerability has been in use since April 2022 against targets across government, logistics, oil/gas, defence, and transportation industries located in Poland, Ukraine, Romania, and Turkey.
Mandiant anticipates broad, rapid adoption of the CVE-2023-23397 exploit by multiple nation-state and financially-motivated actors, including both criminal and cyber espionage actors. In the short-term, these actors will race against patching efforts to gain footholds in unpatched systems.
Proof-of-concepts are already widely available for the zero-day which requires no user interaction.
In addition to the collection of intelligence for strategic purposes, Mandiant believes this zero-day was used to target critical infrastructure inside and outside of Ukraine in preparation for potential disruptive or destructive cyberattacks.
Note that this vulnerability does not affect cloud-based email solutions.
John Hultquist, Head of Mandiant Intelligence Analysis – Google Cloud, said of the zero-day:
“This is more evidence that aggressive, disruptive and destructive cyberattacks may not remain constrained to Ukraine and a reminder that we cannot see everything. While preparation for attacks does not necessarily indicate they are imminent, the geopolitical situation should give us pause.”
“This is also a reminder that we cannot see everything going on with this conflict. These are spies and they have a long track record of successfully evading our notice.”
“This will be a propagation event. This is an excellent tool for nation-state actors and criminals alike who will be on a bonanza in the short term. The race has already begun.”
Mandiant’s Adversary Operations team has created UNC4697 to track exploitation of the zero-day, which has been publicly attributed to APT28.
APT28 is a Russian military intelligence (GRU) actor that regularly carries out cyber espionage and information operations within and outside of Ukraine. APT28 frequently collaborates with the GRU actor Sandworm, who is responsible for disruptive and destructive attacks.
Entrust report reveals passwords often forgotten, changing the face of ID landscape
The Future of Identity Report finds that consumers want more convenience but are not prepared to sacrifice security.
The Future of Identity Report, a new research study from the Entrust Cybersecurity Institute, surveyed 1,450 global consumers, with 400 from Asia Pacific (APAC), to explore their experiences with password-less authentication, hybrid identities, and ownership over personally identifiable information. The report reveals that consumers want more convenience when it comes to identity credentials.
“The pace of commerce and business is moving faster than ever before, and as a result our lives are becoming more digital,” said Jenn Markey, Vice President of Payments & Identity at Entrust. “As organisations and governments bring more digital services online, it’s becoming clear that the road to digital transformation has been bumpy, at times leaving users behind. With this survey, we set out to help leaders understand how users feel about the journey thus far, and how organisations can navigate the future of identity.”
It’s Time to Move Beyond the Password
The results are clear: passwords have run their course and it’s time to provide users a simpler, more secure way to validate their identity. In fact, with more digital services available than ever, consumers are struggling to recall an ever-growing inventory of password credentials, with 41% of respondents from APAC resetting a password at least once a month because they can’t remember it. Even more alarming, nearly 10% of users who responded do so at least once a week. As consumers yearn for greater convenience and security, biometrics are poised to dethrone passwords. When given the option between biometrics or a password, three quarters of APAC respondents will choose biometrics half the time or more. A third will always choose biometrics when available.
“There’s no single or right way for organisations to authenticate customer, employee, or citizen identity,” said Mark Ruchie, Chief Information Security Officer at Entrust. “There is always a trade-off between providing relatively frictionless access experiences and incorporating safeguards that confirm users are who they claim to be. The authentication methods you employ can — and should — change depending on the sensitivity of data users are accessing, whether you’re serving customers or employees, or if atypical login behaviours are exhibited.”
Digital Identity is Picking Up Steam But Awareness Lags Behind
Digital identity is a rapidly evolving space, with the market expected to reach $70.7 billion by 2027, but consumers are having trouble keeping up, according to Entrust’s survey. When asked whether they had an electronic ID (eID), one fifth of respondents in APAC weren’t sure. But despite a general lack of awareness about eIDs, consumers are largely on board with the concept of digital identities. Seven out of 10 respondents in APAC said they would likely use a digital form of government-issued ID if one were available, citing improved convenience as the primary reason for why.
“Both digital and physical identities have their pros and cons — but it’s not a zero-sum game. Offering consumers access to both formats affords them the flexibility to choose what works best for them or for a given situation,” said Anudeep Parhar, Chief Operating Officer at Entrust. “Businesses that recognise the benefits of hybrid solutions can not only position themselves as a modern company, but also as a leader that can influence global trends.”
Convenience and Control Drive Consumer Trust
The Future of Identity Report reveals that the majority of consumers understand that exchanging their data for convenience is a necessary trade-off, with 75% in APAC agreeing that sharing personal information for access to goods, services, and applications is unavoidable. While consumers may be willing to give up their data for the sake of convenience, survey respondents are split down the middle when it comes to how comfortable they are with organisations owning and storing a digital identity for them and whether or not organisations can be trusted to keep their data safe. The survey findings reinforce that offering consumers convenient digital experiences for personally identifiable information should be the bare minimum, and in order to regain customer trust, organisations also need to provide data privacy controls.
The Future of Identity is the first research report from the Entrust Cybersecurity Institute, the insights arm from Entrust that shares news, analysis, and commentary for IT and business leaders charged with protecting and enhancing IT infrastructure.
To learn more about the future of identity visit: https://www.entrust.com/cybersecurity-institute/reports/future-of-identity
Exabeam and NEC Australia partner on cyber security
NEC Australia, a leading cyber security solutions and services company, has partnered with Exabeam, a global cybersecurity leader and creator of New-Scale SIEM™ for advancing security operations, to provide a full spectrum threat detection, investigation, and response (TDIR) service to the Australian market.
NEC’s Managed SIEM + XDR service leverages the Exabeam Security Operations Platform to provide a cloud-scale security information and event management (SIEM) solution along with extended detection and response (XDR). NEC’s managed service supports both government and enterprise customers to gain extended visibility, detailed user and entity analysis, and effective threat detection and response across all areas of their IT environments.
Connell Perera, National Portfolio Manager Security, NEC Australia, said: “After a thorough analysis of leading SIEM and XDR technology vendors, including consulting our global cybersecurity network, we were excited to partner with Exabeam. Exabeam enables NEC Australia to effectively manage exposure to cyberattacks across our customers’ distributed, complex networks whilst meeting regulatory and industry compliance requirements.”
“There is no doubt that Australia is facing a rise in cyberthreats. Anomalous behaviours are becoming even more prevalent across the spectrum of industries and critical infrastructure. It is essential for organisations to partner with a trusted, well-resourced service provider to counter these threats. It is an honour to work with NEC to help make that happen,” concludes Gareth Cox, VP of Sales APJ, Exabeam.
NEC’s managed service offerings are built upon industry-leading technologies that deliver mutual value. As such, each service has been fully defined, scoped, and built to cater for the Australian marketplace with a unique value proposition and benefits to NEC customers.
Powered by Exabeam, NEC’s SIEM + XDR solution is designed to provide a 24x7x365 ‘endpoint to cloud’ security monitoring for both NEC clients and NEC Australia’s own network and systems infrastructure, plus cloud services and more.
The service focuses on identifying unusual and suspicious behaviour through real-time visibility of threats mapped to the global threat landscape. The Exabeam platform provides all key elements of the SIEM + XDR service. This includes advanced real-time and historical log correlation, security log management and retention, and advanced behaviour analytics that leverage threat intelligence to provide greater context of the security posture of an environment.
NEC’s Managed SIEM + XDR service will leverage all components of the Exabeam Security Operations Platform, which include:
- Cloud-scale Security Log Management: A cloud-native data lake architecture to securely ingest, parse, and store security data at scale from any location, providing a lightning-fast search and dashboarding experience across multi-year data.
- Powerful Behavioural Analytics: Over 1,800 rules and 750+ behavioural model histograms automatically baseline normal behaviour of users and devices to detect, prioritise, and respond to anomalies based on risk.
- Automated Investigation Experience: An automated experience across the TDIR workflow which reduces manual routines, accelerates investigations, reduces response times, and ensures consistent, repeatable results.
Sean Abbott, Director Channel and Alliances for Asia-Pacific at Exabeam, said of the partnership: “Our strategic partnership with NEC provides Exabeam with a local connection to a true powerhouse in the global systems integrator space. We’re excited for the numerous possibilities opening for Exabeam in untapped markets.”
To learn more about the Exabeam New-Scale SIEM portfolio of products, visit https://www.exabeam.com/product/
Radware launches next-gen cloud application security centre
Radware® has introduced a next-generation cloud application security centre as part of its cloud security service growth initiative, which is focused on innovation and scalability.
The new security centre, in Tel Aviv, Israel, home to the company’s headquarters, complements the company’s existing cloud DDoS scrubbing centre, also in Israel.
The addition of the new centre follows the recent rollout of facilities in Australia, Canada, Chile, Italy, New Zealand, Taiwan, and the United Arab Emirates. The facilities are part of Radware’s worldwide cloud security service network, which includes more than 50 security centres and delivers an attack mitigation capacity of 12Tbps.
The centres are designed to reduce traffic latency as well as increase service redundancy and mitigation capacity to help customers defend against denial-of-service attacks, web application attacks, malicious bot traffic, and attacks on APIs. They also help increase resiliency and comply with offshore data routing requirements.
“Radware’s security centres deliver a global footprint, network and application security, true multi-tenant service, as well as high resiliency,” said Zion Zvi, CEO at Trustnet, a leading integration and consulting company in the field of information and cyber security. “Radware’s latest cloud expansion offers a great service to Israeli organizations in need of rapid response times and scalable protection.”
The Israeli cloud application security centre supports Radware’s 360-degree Cloud Application Protection Service, which spans from the browser side to the server side. The best-of-suite offering includes the company’s cloud-based web application firewall, bot manager, API protection, application-layer DDoS protection, and its recently released client-side protection.
To deliver a higher level of application security with lower false positives, the security is based on automated, machine-learning based algorithms that learn legitimate user behavior and then separate malicious and legitimate traffic. Dozens of Israeli customers rely on Radware’s cloud security services.
According to Radware’s 2022 Global Threat Analysis Report, the number of DDoS attacks rose by 150% compared to 2021. Web application and API attacks increased 128% year over year, significantly outpacing the 88% increase in attacks between 2020 and 2021.
“Fuelled by the increasing frequency and sophistication of cyber attacks and strong business demand, we continue to expand our global cloud security footprint across major geographies,” said Haim Zelikovsky, vice president of cloud security services for Radware.
“The cloud security centres combine state-of-the-art protection and ultra-high bandwidth performance to defend against the most harmful network and application attacks.”
Industry analysts such as Forrester Research, Gartner, GigaOm, KuppingerCole and Quadrant Knowledge Solutions continue to recognise Radware as a market leader in cyber security. The company has received numerous awards for its application and API protection, web application firewall, bot management, and DDoS mitigation solutions.
BeyondTrust Named to JMP Securities Cyber 66 List of Hottest Privately Held Cybersecurity Companies
- Annual report, formerly known as the Elite 80, highlights the most well-positioned private cybersecurity companies finding success and influencing the market landscape
- BeyondTrust is included in the annual report for the sixth time in nine years of the report’s publication and positioned as having the capability to dominate its respective marketplace
BeyondTrust, the worldwide leader in intelligent identity and access security, today announced that it has been named to JMP Securities Cyber 66. This annual report, now in its ninth year, highlights the 66 hottest privately held cybersecurity vendors who are finding market success and influencing the landscape even through difficult headwinds facing the market.
This news comes on the heels of the company’s announcement of record growth in 2022, during which it accelerated recurring revenue to 80% of total revenue, with greater than 25% YoY ARR and 90% YoY subscription ARR growth. BeyondTrust also recently introduced its new Identity Security Insights solution, which uncovers hidden privileges and attack vectors, empowering security teams to rapidly detect and address identity threats.
“Although the recent macroeconomic environment has created a significant level of uncertainty for companies and investors, threat actors have not slowed their rate of attacks simply due to turmoil in the financial markets,” says report co-author Trevor Walsh, Director of Equity Research at JMP Securities, A Citizens Company. “As a result, we have seen resilience in cybersecurity budgets as C-Suite leaders realise they cannot shortchange critical cyber initiatives at the expense of weakening the organisation’s security posture. This is especially true for identity security projects for which we continue to see elevated importance in the context of frameworks such as Zero Trust and the prevalence of identity-based attacks.”
“As the leader in intelligent identity and access security, our mission is to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world,” said Janine Seebeck, CEO at BeyondTrust. “We are excited to be recognised by JMP Securities as a market-leading cybersecurity company addressing today’s rapidly evolving threat landscape, which is creating a new urgency to achieving cybersecurity goals. BeyondTrust protects identities and critical access from security threats while creating operational efficiencies.”
Network-derived intelligence and insights critical to security and performance of multi-cloud workloads – IDC research
Deep observability company Gigamon has announced new research findings from IDC, conducted with more than 900 IT leaders globally, which offers CIOs, CISOs and their IT organisations insights to drive performance, protection and productivity with observability across their digital infrastructures.
The IDC White Paper* also affirms that harnessing the power of network-derived intelligence and insights is critical in detecting today’s increasingly sophisticated security threats across hybrid and multi-cloud infrastructure.
With 95 percent of organisations claiming to have experienced a ransomware attack in 2022, security remains top of mind for IT leaders regardless of their industry. According to the IDC White Paper, over 60 percent of respondents believe that today’s observability solutions serve narrow requirements and fail to provide a complete view of current operating conditions.
To address today’s rapidly evolving security requirements, enhancing traditional observability capabilities that rely on metrics, events, logs, and traces (MELT) with real-time network-derived intelligence and insights is essential to mitigate security risks across hybrid and multi-cloud infrastructure.
Only with this deep observability can organisations find the greatest value from observability across both on-premises systems and cloud services, core and edge components, and cybersecurity functions.
“Networking, cybersecurity and observability are becoming intertwined. IT organisations are looking to leverage an immutable source of truth and more collaborative management efforts to break down siloed technology approaches, position themselves for long-term success, and, ultimately, deliver the best possible business outcomes,” said Mark Leary, research director with IDC.
“Deep observability must be prioritised as IT organisations look to fully realize the transformational promise of a resilient and responsive digital infrastructure and continually maintain a strong security posture to meet today’s digital business requirements.”
Key findings:
- The top cited benefits of observability include security (34 percent), staff productivity (33 percent), and digital/user experience (25 percent). Observability also delivers a mix of both tactical (e.g., resolution, continuity, tracking) and strategic (e.g., experience, governance, innovation) benefits.
- Over 75 percent of organisations use or plan to use deep observability solutions to support automation efforts in future years. Deep observability can enable a hierarchical platform-based approach in which detailed data and artificial intelligence (AI)/machine learning (ML)–driven analysis can produce a single source of truth, converge data and tools, and enable talent to deploy, operate, repair, and enhance digital infrastructures in a timely manner.
- The market will see increased investments in cloud services over the next few years, with over half of respondents (51 percent) citing it as a priority. In fact, 72 percent of organisations strongly agree that cloud service intelligence should be leveraged to optimise costs and secure information. Cost from technical debt and the complexity of supporting multiple generations of infrastructure are some of the biggest barriers for organisations in achieving their digital infrastructure resiliency goals.
- Network-derived intelligence can support adherence to SANS 20 Critical Security Controls, potentially eliminating 98 percent of possible attack vectors. Today, over 50 percent of respondents state that they actively share network intelligence across IT teams, and more than 60 percent of organisations are making progress in leveraging these insights in their security management practices.
“Over 90 percent of organisations operate in a hybrid and multi-cloud world, yet security blind spots remain a significant barrier for technology leaders looking to get the most out of their cloud investments,” said Chaim Mazal, Gigamon’s chief security officer.
“This research not only points to the critical role that deep observability plays in securing complex cloud environments but the necessary convergence of NetOps and SecOps teams in fortifying modern cybersecurity practices. Gigamon is leading the industry into the next stage of observability, rooted in cross-functional team collaboration, proactive detection, and threat remediation.”
The findings are based on a survey, conducted by IDC, of over 900 global IT leaders across North America, APAC, and EMEA, which included a mix of major industries (financial, manufacturing, retail/wholesale, healthcare, transport/utilities, education, government, and professional services).
All respondents held roles of manager or above, with key decision-making responsibilities for observability functions and solutions that span across IT operational domains, including networking, security, and cloud.
For detailed survey results, click here. To learn more about the Gigamon Deep Observability Pipeline and how it can help your organization navigate its multi-cloud journey click here.
*Doc. #US49816122, November 2022
HID survey reveals sustainability, mobile access to be among top priorities for security industry
HID has brought out its inaugural State of the Security Industry Report, which gathered responses from 2,700 partners, end users, and security and IT personnel across a range of titles and organisation sizes representing over 11 industries.
By looking at what’s driving the next innovations and the technology that supports them, the security industry is empowered to create more value for its organisations and its people according to HID’s reading of the results.
Commenting on the survey, Steve Katanas, Regional Head, Mature Markets, ANZ, Physical Access Control Solutions, HID said: “We are grateful for the opportunity to share insights with the security community as part of this year’s State of Security Industry Report. Mapping our industry’s dynamic trends helps provide a deeper understanding of customer needs and challenges. We are confident that our report will help security teams adapt faster and better capitalise on innovative solutions.”
Conducted in quarter 4 of 2022, the survey reveals five common threads, as follows:
Nearly 90% of respondents acknowledge sustainability as an important issue
End users are increasingly demanding that suppliers provide footprint transparency in terms of their operations, product sourcing and research and development practices, with 87% of respondents stating that sustainability ranks as “important to extremely important.” Mirroring this trend, 76% said they have seen the importance of sustainability increasing for their customers.
To support this growing demand, security teams are leveraging the cloud and the Internet of Things, even more, to optimise processes and reduce resources. Additionally, new products and solutions are being strategically developed to address sensible energy usage, waste reduction and resource optimisation.
Most organisations still need to fully embrace identity “as-a-service” (IDaaS) to support hybrid work
The majority of survey respondents—81% of them—stated they are offering a hybrid work model. As an example, 67% of respondents state that multifactor authentication and passwordless authentication are most important to adapting to hybrid and remote work, while 48% point to the importance of mobile and digital IDs.
Interestingly, the survey also reveals almost half of the organisations aren’t quite ready to implement a comprehensive IDaaS strategy.
Digital IDs and mobile authentication to propel many more mobile access deployments
Identification and authentication are more commonly completed via mobile devices, including smartphones and wearables. The growing popularity of digital wallets from major players such as Google, Apple and Amazon is a key driver of this trend. And expanded capabilities allow smartphone users, for example, to add keys, IDs and digital documents directly in the wallet app. These include, but are not limited to, drivers’ licenses in eight states, verifiable COVID-19 vaccination information, employee badges, student IDs and hotel room keys.
Commercial real estate companies (40%) are outpacing other verticals as large commercial real estate firms are leveraging mobile access as part of their larger tenant experience apps, according to the HID survey.
Nearly 60% of respondents see the benefit of contactless biometrics
Biometric technologies represent a major break from more conventional means of access control. Using biometrics as an additional authenticating factor (e.g., biometric scans to verify an individual’s physical identity) can help organizations eliminate unauthorized access and fraud. The importance of this trend is exemplified in the survey data, which shows that 59% of respondents are currently using, planning to implement, or at least testing biometric technologies in the near future.
Supply chain issues continue to be a concerning factor, but optimism begins to emerge
According to the survey, 74% of respondents say they were impacted by supply chain issues in 2022, although 50% are optimistic that conditions will improve in 2023. Most affected are commercial real estate companies, with 78% citing supply chain problems as their main concern.
More than two-thirds of organisations with fewer than 1,000 employees indicate that they were highly impacted by supply chain issues in 2022, but they are also the most optimistic that these issues will resolve in 2023.
By better understanding the aforementioned topics, security professionals will be better prepared to adapt faster, deliver exceptional digital plus physical experiences, and capitalise on breakthrough innovations in solutions and services. Read the survey in its entirety here.
Celebrating International Women’s Day
The importance of creating better opportunities for women in security
In this episode of the ASIAL Security Insider podcast, we speak with Joanna Simpson (Head of Certis Technology), Nazli Hocaoglu (Legal Officer, ACES Group), and Anna Schreiber (APAC Channel Manager Distribution, Milestone Systems), who share their thoughts on how the security industry can increase greater female participation.
Expert analysis – i-PRO answers questions on open platforms and integration
Local industry experts from i-PRO expand on questions around the market, particularly focusing on why open platforms are important.
Why are open platforms becoming a preferred choice for businesses and organisations?
We can compare the explosion of AI camera applications to the way we experienced it for smartphone applications. However, it doesn’t mean the hardware is not important anymore – actually, it’s more important than ever. If the picture quality is poor, or if the hardware is not reliable and does not work 24/7, software cannot run or deliver the outcome it has been designed for. As hardware specialists, i-PRO is focusing on what it does best – building long-lasting, open network cameras, which are capable of capturing the highest quality images that are required for the latest AI applications, while software developers can concentrate on bringing specialist applications to the market. Same as for smartphones, AI applications will proliferate based on market demand and succeed or fail based on the value that they deliver.
The development of AI-driven cameras will continue to open opportunities in both traditional security and new areas of business. The combination of good quality images and the ability to analyse data at the edge of the network using Deep Learning capabilities allows the cameras to be used in many new areas, from the automation of processes in industry to keeping shelves stocked in supermarkets and even monitoring the health and safety of shoppers in stores during these pandemic times.
A critical factor for businesses to succeed with this open approach will be to attract the best software developers to work together with in order to build specialist applications for the AI cameras, and get the best value out of them. We have the open hardware platform with the most sophisticated AI-driven cameras. We must now continue to attract software developer partners that want to create applications for the equivalent of our app store – if we extend the iPhone example.
Businesses and organisations need systems that are personalised to their specific needs, but most importantly they need systems that can adapt to our ever-changing world. Open platforms, like the i-PRO open platform, are built with an open and documented API and SDK tools that allow you to personalise the system.
What are the main advantages of taking an open platform approach?
These types of intelligent camera applications are also the basis for automation and introduction of Industry 4.0, in which processes are automated, monitored and controlled by AI-driven systems.
They can be used as intelligent sensors to replicate often repetitive and boring tasks – reducing costs and freeing up the time of the workforce for more rewarding activities. One example of this can be applications like remote monitoring, where the camera acts as a visual verification of the alarm sent, or component application where the camera acts as a sensor inside of a whole machinery delivering the edge analytics.
i-PRO is in a great position because our AI offering is the strongest in the market. Industry specialists tell us that our AI capabilities are ahead of our competitors. In addition, we have built an open AI hardware platform. This means that we focus on where we are strong – on the development of high quality and reliable AI-driven cameras – allowing software developers to bring their own ideas and easily develop their own specific applications to run on our cameras.
And lastly, we are building these capabilities into our cameras at no extra cost to the customer. By the end of 2022, we will have over 100 different AI camera models in the mid-market range and above, without raising prices. We understand that some businesses may not yet be ready to implement AI but they can invest in i-PRO cameras today that are AI-capable and future-proofed – at no extra cost. At i-PRO, we plan to hold our competitive pricing while continuing to add value to our line-up.
In this rapidly evolving security world it’s better to take an open platform approach. Multiple applications can live on one platform, you can also optimize one database and share platform services. It’s impossible for a developer to create an application that can do everything for all end users and industry needs. That means organizations must empower themselves with the ability to add the essential tools that will allow them to continuously improve their security systems.
How important is it to be able to integrate video surveillance with other technology platforms?
I believe we are so much stronger if we collaborate together with partners – it’s somehow the same as a relationship, but on a business level. Again, you can refer to the iPhone and the success they had with their business model.
Our aim at i-PRO is very simple: to make our partners’ lives easier. And that works by thinking on their behalf, making it easy for them to use our hardware and easily add it into their already existing systems.
So far, we’ve already finished integration with the market-leading VMS providers Milestone and Genetec into our AI plug-in called i-PRO Active Guard, a software enabling cost efficient integration of AI into existing CCTV infrastructure for simplified intuitive management based on edge analytics. The AI-based plug-in can turn video management systems (VMS) into powerful search engines capable of real-time searches or deep forensic analysis. This gives the biggest share of the surveillance market access to intuitive and easy end-to-end management of their AI-based meta data, and seamless integration into their existing CCTV infrastructure saving valuable money.
Furthermore, we are already fully integrated with different third-party technology partners, giving the market easy access to various applications tailored specifically to their needs. A.I.Tech is one example, with various apps for different verticals, but also Vaxtor, a well-known leading provider of automated licence plate recognition software. At i-PRO, being able to integrate with other platforms or systems completely unlocks the development possibilities; there are no more obstacles to the creation of new features for us and for our partners.
It’s i-PRO’s mission to collaborate with the strongest third-party software developers, using our open hardware camera system, to deliver the most powerful AI applications across every industry sector putting our customer-focused business model in action.
Fastly Launches Managed Security Service to Protect Enterprises from Rising Web Application Attacks
Fastly, Inc. (NYSE: FSLY), the world’s fastest global edge cloud platform, has launched Fastly Managed Security Service, a premier 24/7 threat detection and response service dedicated to helping organisations significantly reduce the risk of web application attacks and associated business costs due to lost transactions. Available to Fastly’s global Next-Gen WAF customers, Fastly Managed Security Service further demonstrates the company’s commitment to helping global marquee customers deliver innovative, secure digital experiences to their users.
Web applications continue to be popular targets for today’s attackers. In fact, according to the Verizon 2022 DBIR, web applications are the number one vector, and not surprisingly, they are also connected to the high number of Denial of Service attacks. This pairing, along with the growing use of stolen credentials (commonly targeting some form of web application), is consistent with what we’ve seen for the past few years. Existing security teams are spread thin and don’t always have the expertise or time to continuously monitor and detect these types of threats. Organisations can deploy Fastly Next-Gen WAF for accurate protection, and now they can further enhance this protection with Fastly’s Managed Security Service.
“Today’s defenders face an uphill battle against cyber adversaries due to an exploding attack surface and increasing volumetric attacks, particularly DDoS attacks. At the same time, security teams want to reduce complexity and prioritise their resources,” said Gino Lang, Vice President of Customer Security, Fastly. “By providing global 24/7 proactive protection, Fastly Managed Security Service delivers comprehensive visibility and the expert staff needed to quickly identify and mitigate potential threats. This frees up organisations to focus their security staff on other business priorities.” This latest announcement builds on the success of Fastly’s Response Security Service and other security offerings. “Fastly’s decision to extend its next-generation security capabilities to offer a managed security service is a natural evolution and reconfirms the company’s commitment to protecting organisations from today’s agile and persistent adversaries,” said Christopher Rodriguez, IDC Research Director, Security & Trust.
IDC recently recognised Fastly as a leader in the “IDC MarketScape: Worldwide Commercial CDN Services 2022 Vendor assessment”, highlighting the company’s ability to create fast, dynamic, and secure digital experiences.