A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-fhqq-8f65-5xfc: Improper Input Validation in Buildah and Podman

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

GHSA-mc76-5925-c5p6: Link Following in github.com/containers/common

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.

GHSA-3h3x-2hwv-hr52: Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability

PRESS RELEASE

PHOENIX, AZ – September 26, 2024 – Bishop Fox, the leading authority in offensive security, today announced Cosmos for ServiceNow, developed in partnership with ServiceNow to enable customers to effortlessly sync validated exposures from the Bishop Fox Cosmos portal into their ServiceNow® environment, where they can be managed as part of existing security workflows. This integration further improves a customer’s security posture by closing the window of vulnerability while reducing the manual burden on security teams.

ServiceNow’s expansive partner ecosystem and partner program is critical in supporting the $275 billion forecasted market opportunity through 2026 for the Now Platform. The ServiceNow Partner Program recognizes and rewards partners for their varied expertise and experience to drive opportunities, open new markets, and help customers transform their business across the enterprise.

As a Registered Build Partner, Bishop Fox developed this solution to help organizations take action on the detailed findings and remediation guidance provided by the Cosmos managed service as part of their existing security operations. This seamless, bi-directional integration with the Now Platform simplifies the management of vulnerabilities and allows security teams to concentrate on resolving threats and safeguarding assets. The solution is available in the ServiceNow Store. Full product details can be found here, but briefly, the major benefits include:

1.  Streamlined vulnerability remediation with automatically created and updated remediation tickets based on Cosmos findings.
    
2.  Improved incident response efficiency and speed with Cosmos vulnerability data directly integrated into ServiceNow workflows, as well as customizable workflows that mirror an organization’s processes.
    
3.  No data silos or communication gaps, with vulnerability information fully synchronized across Cosmos and ServiceNow
    
4.  Enhanced compliance and reporting by consolidating remediation tracking and reporting into a single platform.
    
5.  Scalable security operations with an augmented ability to manage large volumes of security data efficiently across multiple instances of ServiceNow.
    

“Cosmos has become a standard bearer for vulnerability identification and management with more than 110 billion operations executed per year, a 70 percent reduction in time to remediate critical vulnerabilities, and elimination of 93 percent of resource requirements,” said Kevin Tonkin, chief product officer of Bishop Fox. “By integrating with platforms like ServiceNow, on which our customers depend for managing security operations, we help to further accelerate internal efforts and unburden security teams by making it easier for an organization to take advantage of the full power of Cosmos.”

“Partnerships succeed best when we lean into our unique skills and expertise, and have a clear view into the problem we’re trying to solve,” said Erica Volini, senior vice president of global partnerships at ServiceNow. “Bishop Fox’s Cosmos integration extends our reach well beyond where we can go alone and represents the legacy and goals of the Now Platform. I am thrilled to see the continued innovation we will achieve together to help organizations succeed in the era of digital business.”

About Bishop Fox

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others, and our offerings are consistently ranked as “world class” in customer experience surveys. We’ve been actively contributing to and supporting the security community for almost two decades and have published more than 16 open-source tools and 50 security advisories in the last five years. Learn more at bishopfox.com or follow us on Twitter.

Bishop Fox Announces Cosmos Integration With ServiceNow

PRESS RELEASE

VIENNA, Va., Oct. 1, 2024 /PRNewswire/ -- The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced that Pam Lindemoen will join the organization as Chief Security Officer & VP of Strategy. In this role, she will oversee the organization's security operations, including cybersecurity and information security, while also leading strategic planning and partner engagement. With nearly 30 years of experience, Lindemoen brings a wealth of knowledge in information security, application development, and infrastructure to the organization.

"We're thrilled to welcome Pam Lindemoen to the RH-ISAC team," said Suzie Squier, president of RH-ISAC. "Her extensive experience in navigating complex regulatory environments and fostering robust security postures will be invaluable to our members. Pam's strategic vision and proven track record in developing comprehensive cybersecurity programs align perfectly with our mission to enhance the security of consumer-facing industries through collaboration."

Lindemoen's expertise spans various industries, including healthcare, technology, financial services, and manufacturing. Most recently, she served as CISO Advisor at Cisco. In this role, among other duties, she was instrumental in facilitating the CISO Leadership Development Program that RH-ISAC provided to develop talent in the industry. Lindemoen also serves on the advisory board for Cyber Florida: The Florida Center for Cybersecurity.

Lindemoen's appointment comes at a critical time for the retail and hospitality industries, which face increasing cybersecurity threats and complex regulatory requirements. Her multifaceted expertise in information security, application development, and infrastructure positions her uniquely to address the diverse challenges faced by RH-ISAC members. As CSO, Lindemoen will play a key role in shaping the organization's strategic initiatives and supporting members in their cybersecurity efforts.

Learn more about RH-ISAC and memberships at rhisac.org.

ABOUT RH-ISAC  
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is a trusted community for sharing sector-specific cybersecurity information and intelligence. RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit www.rhisac.org.

You May Also Like

Retail &amp; Hospitality ISAC Announces Pam Lindemoen As New CSO and VP

Next time you need to activate a subscription on your TV, watch out for these fake sites scammers are using to trick you and steal your money.

A common way to activate digital subscriptions such as Netflix, Prime or Disney+ on a new TV is to visit a website and enter the code seen on your screen. It’s much easier than having to authenticate using a remote and typing a username and password.

Scammers are creating fake activation pages that they get indexed in Google to lure in victims. Once someone goes to one of these pages, they are redirected to a fake Microsoft scanner that claims child pornography was found on their computer.

Getting from the family-friendly Disney activation page to a very graphic alert is sure to get many victims to panic, even if they have done absolutely nothing wrong. You can see what this scheme looks like in the animation below:

**Malicious Google search results**

The scammers are using Search Engine Optimization (SEO) techniques to place their fraudulent sites on Google’s search results page. Unlike what we have seen before, these are not malicious ads but rather organic search results.

One of the fake websites, _disneyplusbegins\[.\]com_, is a play off the official website, which can be seen when you do a Google search for ‘disney plus begin’:

Clicking on the link will take you to the aforementioned fake site that appears to prompt users to enter their code:

When interacting with the page, victims are automatically redirected to another site hosted on Microsoft Azure. A fake Windows Defender scanner claims that “_Access to this PC has been blocked for security reasons. Alureon Spyware With Child Pornography Download Detected_“:

The page contains a background image with pornographic material, as if it were from sites victims may have visited:

Despite the scary warning page, this is all a scam and you do not need to call the phone number shown on screen. Scammers are waiting for people to call in so they can impersonate Microsoft, remotely log into your computer and either make you send them money or steal directly from your bank account.

**Safety tips**

Visiting a website to activate a new product or service is something we all do at some point. It is easier to quickly type a few keywords into Google rather than entering the full website URL.

However, Google search results can be laced with malicious ads or links to fraudulent pages. If there is a QR code to scan on your TV, you may want to use that instead (with caution) or maybe spend the extra few seconds it takes to type the full URL (making sure you don’t typo it!).

Finally, just know that these fake warning pages are just that, fake. You can simply close them down by clicking on the ‘X’ at the top right. One thing to be careful about is avoiding clicking anywhere else on the page, in particular buttons or images that may say something like “return to safety”. For more practical tips, check out this article on CNBC, in particular the “How to click without getting into online trouble” part.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Fake Disney+ activation page redirects to pornographic scam 

Poor permission controls and user input validation is endemic to the platforms that protect Americans' legal, medical, and voter data.

Source: Xinhua via Alamy Stock Photo

A veritable laundry list of high- and critical-severity bugs have been uncovered in software platforms used by government agencies across the US.

Govtech systems are some of the most critical out there, responsible for storing the most sensitive personally identifying information (PII) US citizens own: Social Security numbers (SSNs) and IDs; legal and medical records; voter registrations; and much more. It will surprise few and comfort no one that these systems also happen to be riddled with vulnerabilities. 

Security researcher Jason Parker uncovered issues in 19 such platforms this year, disclosing more than a handful of them late last week. There was the bug in the state of Georgia's portal for canceling voter registrations, the access control issue that exposed court documents in counties across Florida, and the many critical vulnerabilities bogging down a public records request management platform used by hundreds of city, county, and state governments nationwide.

**Case Study: A Voter Registration Issue**

Some might be old enough to remember when government bugs were cool and inventive. "The Thing," for example — a listening device embedded into a wooden seal, which hung in the residence of the US ambassador to Moscow for seven years before it was discovered.

Today's government bugs are rather banal — access control flaws or improper validations of user input. The kinds of things hackers can use them for, however, are not at all dull.

At the end of July, for example, Georgia launched a voter cancellation request portal. Within days, researchers discovered multiple issues with the site. Parker, for example, found that anyone could submit a cancellation request using only the information easily gleaned from public sources — names, dates of birth, counties of residence — while skipping any requirement for more serious PII, like a driver's license or SSN. The issue earned a "high" Common Vulnerability Scoring System (CVSS) score of 8.6 out of 10, and was fixed shortly after initial disclosure.

It turned out that members of the public had attempted to take real advantage of these issues in the meantime, though, most notably by unsuccessfully deregistering Rep. Marjorie Taylor Greene, and Georgia's Secretary of State Brad Raffensperger, two prominent Republicans in the state.

**A Panoply of GovTech Bugs**

This kind of basic lack of authentication was emblematic of the security flaws Parker has stumbled upon.

Besides the Georgia bug, for example, were the trio of bugs in Granicus' GovQA. GovQA is a public records management system that is used by more than one-third of the largest US cities, more than 80 state agencies, and nearly half of the "top" US counties, according to GovQA's website.

Another series of bugs in Granicus' electronic filing system allowed for the leakage of sensitive information, the ability to block user logins or modify accounts without authorization, and privilege escalation. The "critical," 9.8 CVSS-rated bugs were reportedly patched back in April.

A similar platform, Thomson Reuters' C-Track eFiling, allowed attackers to escalate from regular user accounts to those saved for court administrators by manipulating certain fields in the registration process. A patch for the "critical" 9.1-rated bug was confirmed last week.

More issues of similar severity were uncovered in court record systems used in counties in Florida, Arizona, Georgia, South Carolina, and others.

**Why GovTech Is So Flawed**

Government technologies tend to be flawed for all the reasons one might guess.

"A lot of their systems that I've seen are quite literally 20 years old," Parker explains. "They're just adding whatever on top of these legacy platforms for years and years."

Besides standard bureaucracy, outdated and unloved tech is kept alive thanks to a lack of sufficient funding for new systems, services, and security solutions to protect them. And vendors aren't always held to account for the ways in which they fall short on their ends of the bargain.

If anything's going to change, Parker says, it will start with the Federal Risk and Authorization Management Program (FedRAMP) — a governmentwide program for cloud security assessment, authorization, and continuous monitoring — and StateRAMP — a nonprofit offering a similar program for state and local governments. "These are minimum requirements for cybersecurity," Parker says, "and they're being adopted by more and more states, and counties, too."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Gov't, Judicial IT Systems Beset by Access Control Bugs

PRESS RELEASE

CAMBRIDGE, UK, Oct. 1, 2024 /PRNewswire/ -- Darktrace, a global leader in cybersecurity AI, has today announced the completion of its acquisition by Thoma Bravo, a leading software investment firm, for $5.3bn. The recommended cash acquisition was announced on 26 April 2024 and the Scheme of Arrangement has now become effective. 

Jill Popelka, CEO of Darktrace, said: "Thoma Bravo will be a hugely valuable partner as we pursue further scale and innovation for our next stage of growth. Darktrace's position at the cutting edge of cybersecurity AI coupled with Thoma Bravo's deep strategic and sector expertise will be a powerful combination. Protecting businesses and organisations with best-in-class AI-powered, proactive cybersecurity will remain at the absolute core of what we do. Together, we can take this even further, investing in our people to enhance our technical capabilities and delivering exceptional service and value for our customers."

Seth Boro, Managing Partner at Thoma Bravo, said: "Darktrace holds a unique position at the forefront of cybersecurity technology. As one of the early adopters of AI, the value of its capabilities is evident to businesses, governments and society across the world. We are excited to work alongside Jill and the Darktrace team to build on their success, supporting their ambitions to protect the world from the most advanced cyber threats." 

About Darktrace  
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience with pre-emptive visibility into security posture, real-time threat detection, and autonomous response – securing the business across cloud, email, identities, operational technology, endpoints, and network. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands, have resulted in over 200 patent applications filed. Darktrace's platform and services are supported by over 2,400 employees around the world who protect nearly 10,000 customers across all major industries globally. To learn more, visit http://www.darktrace.com. 

SOURCE Darktrace

You May Also Like

Darktrace Announces Formal Completion of its Acquisition by Thoma Bravo

PRESS RELEASE

New York City, NY. September 30, 2024 – Apono, the leader in privileged access for the cloud, today announced the successful completion of its Series A funding round, raising $15.5 million. The funding round was led by New Era Capital Partners, with participation from Mindset Ventures, Redseed Ventures, Silvertech Ventures, initial seed investors, and more.  

The newly secured funds will be used to advance Apono’s mission of providing AI-driven, simple, innovative, and secure solutions that organizations need to manage access in complex, distributed cloud environments. Additionally, these newly secured funds will be used to accelerate product development and enable Apono to continue its growth, deliver unparalleled value to its customers, and solidify its position as a leader in the identity security space. This latest round brings the total investment from new and current investors to $20.5 million, underscoring strong investor confidence in Apono’s vision and capabilities. 

Apono is a next-gen solution for cloud access governance. The company is committed to delivering capabilities that meet the dynamic needs of modern enterprises and support the development, operations and security teams responsible for securing and maintaining cloud environments they depend on. Apono’s innovative approach provides organizations with a deep understanding of privileged access within their cloud environments, enforces robust security guardrails, and leverages AI-driven least privilege and anomaly detection capabilities to enhance security measures while providing a frictionless experience for end-users. 

“Today, more than ever, we are seeing a shift in the identity space,” said Apono’s Co-Founder and CEO Rom Carmel. “Privileged access management and identity governance are converging, driving the need for more holistic identity and access security solutions, particularly within today’s dynamic cloud environments in which modern businesses operate. As we continue our rapid growth, this funding will enable us to maintain our momentum and continue delivering cutting-edge solutions to our clients. Our investors were drawn to Apono’s unique AI-driven product offering, innovative approach, and its swift adoption by enterprises, recognizing the company’s potential to lead the identity security market.” 

With this investment, Apono is set to significantly expand its US sales and marketing teams, while also expanding investments in research and development. After the company recorded a 300% increase in revenue the last 3 quarters, Apono has welcomed several key industry executives, further bolstering its market position and enhancing its ability to support a rapidly growing customer base. Customers can anticipate new AI-based access product offerings and improved support from Apono’s sales engineering and customer success teams, which have tripled in size in the US. Additionally, to meet the needs of new enterprise customers, the company has added enterprise support teams who will deliver the scale of service today’s enterprises require. These strategic developments will ensure seamless onboarding and continuous support for Apono’s expanding clientele. 

“We are thrilled to support Apono in their mission to revolutionize identity and access security,” said Ziv Conen, Partner at New Era Capital Partners. “Apono’s innovative solution addresses critical challenges in the cloud access management space, providing organizations with robust, scalable solutions. This investment reflects our confidence in Apono’s vision and their ability to lead the market with cutting-edge technology and exceptional customer focus. We look forward to supporting Apono’s continued growth and success as they redefine how businesses manage and secure access in today’s dynamic environments.” 

 “We were able to self-service Apono in minutes, which significantly enhanced customer trust in our global multi-cloud platform. This seamless integration allows our teams to work without friction, ensuring efficiency and productivity. Moreover, it helps us maintain a least-privilege cloud environment, which is crucial for our security and compliance standards,” said Arthur Goren, Director of Cloud Engineering at Hewlett Packard Enterprise.   

Apono is devoted to addressing the evolving needs of the identity and access security landscape, particularly as it has grown to play a more significant role in today’s modern cloud environment. Apono’s solution was built from the ground up to empower organizations to deliver just-in-time, just-enough access management at scale by bridging the security-operational gap in identity and access management. With a focus on innovation and customer success, Apono is poised to redefine how organizations manage and secure access, ensuring robust protection and seamless operations in an ever-changing digital world. 

“In response to the growing complexity and security threats associated with cloud adoption, forward-thinking organizations are increasingly aligning the goals and workflows of their security and engineering teams," said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. "Cloud identity and privilege management are central to these alignment efforts. Apono’s approach to cloud privileged access management aligns with these goals and helps bridge the gap between security and engineering teams.” 

For more information visit the Apono website here: www.apono.io.

Apono Raises $15.5M Series A Funding for AI-driven, Least Privilege Solution Set

PRESS RELEASE

NEW YORK and SANTA CLARA, Calif., Oct. 1, 2024 /PRNewswire/ -\- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available to Deloitte clients globally. The new agreement builds on the long-standing collaboration between the two organizations, accelerating the adoption of leading cybersecurity capabilities and helping clients realize the benefits of platformization.

Many organizations struggle to manage an increasing number of cybersecurity products to secure their business. This can create a heterogeneous environment that may increase operational complexity and difficulty to achieve essential security outcomes. Platformization, the shift to an integrated platform as opposed to incompatible point solutions, helps reduce the boundaries of these disparate solutions to help organizations enhance security posture while driving operational efficiencies. Embracing this, Deloitte has consolidated multiple point solutions by adopting Palo Alto Networks Cloud and Network Security platforms.

"True transformations require a solution that unites AI-powered platforms with deep industry insights and managed services - what Palo Alto Networks and Deloitte provide clients through our alliance," said Kristy Friedrichs, chief partnerships officer, Palo Alto Networks. "By significantly expanding the availability for our joint offerings and helping mutual customers move to unified platforms, we're addressing their evolving needs and helping them achieve better security outcomes."

"We are focused on helping our clients solve their most complex cybersecurity challenges, which requires ongoing innovation and distinct approaches to technology integration leading to cyber transformation," said Emily Mossburg, Deloitte Global Cyber Leader and a principal, Deloitte & Touche LLP. "Expanding our alliance with Palo Alto Networks enhances our global ability to deliver integrated and platformed security solutions to help global clients improve their security posture through harnessing efficiency and integrating the power of AI to combat the evolving threat landscape."

Deloitte will offer Palo Alto Networks security solutions across its network, cloud, and security operations platforms in order to help clients drive toward consolidation and realize the benefits of AI-powered solutions that ingest integrated data, creating better outcomes and actionable AI insights, including the following:

*   Cyber Detection & Response: Helps enable clients to transform their security operations through the Precision AI-powered Cortex XSIAM® platform that combines the capabilities of  SIEM, SOAR and XDR to simplify operations and accelerate response to cyber threats. Deloitte's intellectual property (IP) can accelerate SOC modernization through consolidation of a heterogeneous tech stack, adoption of complex incident response playbooks, integration with leading IT Service Management (ITSM) platforms and event log aggregation and orchestration, to assist clients in reducing technical complexity while enhancing operational efficiency.
    
*   Cloud Security: Helps to create a more proactive security posture for clients to safeguard their environments, from code to cloud. Deloitte and Palo Alto Networks joint cloud security offerings, launched a year ago, can help enhance the security of ever-changing, cloud-native applications and infrastructure. Deloitte's IP and industry-specific knowledge helps clients mitigate risk and promotes "shift left" security where Deloitte's harmonized cloud security framework, operational workflows and AI-powered automation and orchestration capabilities are deployed to enhance the native capabilities of Palo Alto Networks Prisma® Cloud.
    
*   Zero Trust Adoption: Helps organizations strategize, design, implement, operate and accelerate Zero Trust adoption with the combination of Palo Alto Networks integrated, innovative Network Security platform and Deloitte's IP, workflow integrations and managed services.
    

Learn more about the Palo Alto Networks and Deloitte alliance here.   
Follow Palo Alto Networks on X (formerly Twitter), LinkedIn, Facebook and Instagram.

About Palo Alto Networks   
Palo Alto Networks is the global cybersecurity leader, committed to making each day safer than the one before with industry-leading, AI-powered solutions in network security, cloud security and security operations. Powered by Precision AI, our technologies deliver precise threat detection and swift response, minimizing false positives and enhancing security effectiveness. Our platformization approach integrates diverse security solutions into a unified, scalable platform, streamlining management and providing operational efficiencies with comprehensive protection. From defending network perimeters to safeguarding cloud environments and ensuring rapid incident response, Palo Alto Networks empowers businesses to achieve Zero Trust security and confidently embrace digital transformation in an ever-evolving threat landscape. This unwavering commitment to security and innovation makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021-2024), with a score of 100 on the Disability Equality Index (2024, 2023, 2022), and HRC Best Places for LGBTQ+ Equality (2022). For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Cortex XSIAM, Prisma Cloud and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners. Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other press releases or public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.

About Deloitte   
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 8,500 U.S.-based private companies. At Deloitte, we strive to live our purpose of making an impact that matters by creating trust and confidence in a more equitable society. We leverage our unique blend of business acumen, command of technology, and strategic technology alliances to advise our clients across industries as they build their future. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Bringing more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's approximately 460,000 people worldwide connect for impact at www.deloitte.com.

Latest News