Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.

A little social engineering and commercially available remote administration tools (RATs) and other software are all the new Luna Moth ransom group has needed to infiltrate victims' systems and extort payments.

The threat group is essentially pulling off ransom attacks without the ransomware, according to researchers at Sygnia, who today published their findings on Luna Moth.

With co-opted branding from Zoho Masterclass and Duolingo, Luna Moth launches a classic phishing campaign to compromise victim devices and exfiltrate any available data. Phishing emails request a payment for a subscription and offer a PDF attachment with a cell phone number to call for more information. When the victim calls to discuss the invoice, the call is answered by the threat actor, who will try to trick the victim into installing Atera, a widely available RAT, giving the attackers full device control.

The researchers observed Luna Moth abusing other off-the-shelf remote administration tools including Splashtop, Syncro, and AnyDesk for device takeover. In addition to RATs, commercially available tools like SoftPerfect Network Scanner, SharpShares, and Rclone were used to access and exfiltrate data, the researchers added.

"The tools are stored on compromised machines under false names masquerading as legitimate binaries," Sygnia said it in its report on Luna Moth. "These tools, in addition to the RATs, provide the threat actors with the means to conduct basic reconnaissance activities, access additional available assets, and exfiltrate data from compromised networks."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

'Luna Moth' Group Ransoms Data Without the Ransomware

Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.

Despite ratcheted-up efforts to prevent account takeover, fraudsters are cashing in on a range of online payment fraud schemes, which researchers predict will cost retail organizations more than $343 billion over the next five years. 

Physical good purchases are loss leaders, making up 49% of online payment fraud, driven in large part by developing markets with little address verification, according to a new Juniper Research report. 

"Fundamentally, no two online transactions are the same, so the way transactions are secured cannot follow a one-size-fits-all solution," Nick Maynard, the report's author, explained in a statement along with the latest online payment fraud findings. "Payment fraud detection and prevention vendors must build a multitude of verification capabilities, and intelligently orchestrate different solutions depending on circumstances, in order to correctly protect both merchants and users." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Online Payment Fraud Expected to Cost $343B Over Next 5 Years

**LONDON, 11 July, 2022 –** Global research and advisory firm Omdia today unveils its Data Center Thermal Management and Sustainability Intelligence Service. The new annual service offers technology manufacturers, vendors and service providers comprehensive insight and analysis of sustainable data center practices and strategies, with a focus on new technologies such as liquid cooling and energy storage.

Increasing compute requirements continue to drive data center development requiring new approaches to thermal management. At the same time, data center operators and end-users are looking for data centers with sustainability credentials and are making purchasing decisions based on the presence of practices that reduce greenhouse gas emissions.

“While the use of air-cooled equipment dominates data centers today, liquid cooling solutions are gaining interest because they improve the power-to-cooling ratio, address new workload needs and help to achieve sustainability goals. Omdia predicts the liquid cooling market will top $1 billion in 2025,” said Moises Levy, PhD, Senior Principal Analyst, Data Center Physical Infrastructure, Omdia.

Levy added, “The data center thermal management market, which includes the liquid cooling market, is on track to reach $7.7 billion by 2025. The adoption of hybrid solutions involving air and liquid cooling will continue to increase globally in data centers, driven by energy consumption concerns and sustainability goals.”

Through market trends, surveys and reports as well as analyst insights and briefings, the Data Center Thermal Management and Sustainability Intelligence Service will help to:

*   Understand data center investment enabling sustainability
*   Compare and contrast the actions and practices of data center operators
*   Outline ways to improve resource efficiency
*   Offer thermal management strategies and insights into strategy evolution
*   Follow key trends such as AI-based analytics for data center management, equipment renewal, reuse and more

To learn more about the Data Center Thermal Management and Sustainability Intelligence Service please click here.

**ABOUT OMDIA**

Omdia is a leading research and advisory group focused on the technology industry. With clients operating in over 120 countries, Omdia provides market-critical data, analysis, advice, and custom consulting.

Omdia was formed in 2020 following the merger of IHS Markit, Tractica, Ovum and Heavy Reading. Sitting at the heart of the Informa Tech portfolio, Omdia reaches over four million technology decision makers, influencers and practitioners that form part of the wider Informa Tech community and has specialist research practices focusing on Enterprise IT, AI, Internet of Things, Communications Service Providers, Cybersecurity, Components & Devices, Media & Entertainment and Government & Manufacturing.

Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers

The new guidelines would require public companies to file periodic disclosures about their cybersecurity practices and notify the SEC within 96 hours of a material breach.

New cyber-risk management rules for third-party service providers and beefed-up public company disclosures could have far-reaching effects on financial services firms and others that must comply with SEC regulations, requiring senior management to ensure that their companies upgrade their cybersecurity detection and response times significantly. The proposals, issued by SEC Chair Gary Gensler earlier this year, effectively replace the 2018 guidance on how to handle and disclose cyber-risk.

The proposed rules call for data breaches to be disclosed within four days, as well as for companies to disclose information such as senior management's and the board's roles in and oversight of cybersecurity risks, whether companies have cybersecurity policies and procedures, and how cybersecurity risks and incidents are likely to impact the company's financials, according to Gensler.

"When companies have an obligation to disclose material information to investors, they must be complete and accurate. Their disclosures also should be timely," Gensler said.

Jeff Williams, co-founder and chief technology officer at application security platform provider Contrast Security, is in favor of the new rules. 

"The proposed cybersecurity rules are a big and welcome step forward for cybersecurity transparency," he says, adding that they could go even further. "The primary focus is on breach disclosure and not vulnerability disclosure, which I believe is missing the mark on what will truly deliver better cybersecurity to consumers and investors."  

Steven Yadegari, CEO of FiSolve, a consulting firm that specializes in legal, compliance, and operations for financial services firms and asset managers, also points out that the proposed rules "contain more prescriptive requirements compared to existing SEC cybersecurity guidance and rules related to safeguarding information and would require most registered advisers to implement specific, considerable enhancements to their cybersecurity programs."

**Four Days to File**

A fact sheet from the SEC notes that organizations must disclose information about "a material cybersecurity incident within four business days after the registrant determines that it has experienced a material cybersecurity incident." However, the rule states, if a company determines that the impact of a breach is significantly different from originally disclosed in its 8-K filing, an amended 8-K might be required. Text of the proposed rule can be found here.

The 96-hour disclosure window is one day longer than that provided by the European Union's General Data Protection Regulation (GDPR), the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) signed by U.S. President Joe Biden in March, and the New York Department of Financial Services Cybersecurity Regulation, all of which have 72-hour breach notification periods.

Jason Hicks, field CISO at the cybersecurity consulting firm Coalfire, says one of the more controversial aspects of the new regulation — the 96-hour time requirement for a company to disclose the breach — might not be as draconian as many initially believed. 

"The compressed four-day time line jumped out at me, but if you read the fine print, the agency is allowing an indeterminate amount of time to investigate the incident and determine if it is, indeed, material," Hicks says. "However, you are still likely to find yourself making public disclosure before you've completed your entire incident response process."  

The law firm Woodruff Sawyer analyzed the proposed regulation and cited one word that could take the bite out of the apparent extreme nature. 

"Note that the word 'jeopardizes' could be taken to mean that some harm might take place, as opposed to actually taking place," the firm wrote in its published response. "The contingent nature of such disclosure is unlikely to be useful to investors, a point expressed well by the Davis Polk comment letter on the proposed rules."

**Boards Take Responsibility**

The Davis Polk letter, written to the SEC as part of the public request for comments, also questions whether board members need to have cybersecurity expertise. Instead, the firm expects boards to continue to exercise oversight. The question of a board of directors' responsibility for cybersecurity efforts and their personal liability for data breaches has been the subject of other compliance regulations and laws in recent years; this is simply the latest that would put cybersecurity responsibility at the board level.

Marcus Astin, chief operating officer and the governance, risk, and compliance officer at clothier Pala Leather, says he welcomes the new cybersecurity rules.

"They position me and my team to take a more proactive role in cybersecurity risk management," Astin says. "We will be able to identify risks, plan for their execution, and measure the effectiveness of our programs. The new standards are a great opportunity for us to elevate ourselves from reactive risk detection to a more integrated approach."

Adds Yadegari: "We have already seen many firms of all sizes look for help from outside experts. This is a sign of how seriously the industry takes these issues. Whether the proposed rules are adopted or not, I think we will see boards interested in receiving professional advice from experts knowledgeable about cybersecurity, third-party risk management, and GRC. As attacks and technology become increasingly sophisticated, this need only becomes more important to board members and management."

Proposed SEC Rules Require More Transparency About Cyber-Risk

Proactive steps in recruiting women to cybersecurity teams, along with policies focused on diversity, equity, and inclusion, help make cybersecurity teams more effective. Addressing specific barriers that female candidates face will make those teams more inclusive and more representative.

From creating secure environments for hybrid work models to designing safer cloud infrastructures for data security, there is a constant need to solve cybersecurity problems from various domains and standpoints. However, to solve these problems effectively, organizations and governments alike need the right teams.

Nurturing highly effective cybersecurity teams has become a priority for all organizations, and today, an effective cybersecurity team is one that is inclusive of diverse perspectives, particularly those of women.

Research has shown that teams made up of diverse people with various backgrounds, skills, and genders almost always perform better than homogeneous teams. Yet, women are still greatly outranked by men in the cybersecurity space.

While organizations have implemented initiatives like diversity or equality programs, they don't address the specific barriers that female candidates face during recruitment or the problems women face in the cybersecurity workplace, all of which affect the overall productivity and effectiveness of a security team.

This means that organizations need to take more proactive steps in recruiting women into their cybersecurity teams, such as properly implementing policies focused on diversity, equity, and inclusion, and ensuring that they address the barriers qualified candidates face while entering and working in the industry.

**Barriers in the Recruitment Process**

One of the major challenges faced by women is at the recruitment stage. A lot of companies look for people who have specialized, IT-based qualifications for most cybersecurity roles. But cybersecurity isn't an isolated domain, restricted only to IT practitioners. It affects all domains and is influenced primarily by human behavior. Most of the attacks that have happened in recent times are a result of erroneous human behavior and social engineering. The best way to mitigate threats that occur because of human error is to open specialized, isolated security teams to varied perspectives.

Hiring generalists (i.e., candidates who don't have a cybersecurity background) ensures that organizations explore the maximum possible number of user reactions to a cybersecurity product, program, protocol, or any situation that demands caution and awareness from the user's end, leading to an increase in the effectiveness of any team. With the increasing number of vacancies in the industry and the limited number of specialists out there to fill them, filtering candidates who don't have specialized cybersecurity knowledge negates a huge chunk of diverse talent that could help fill the gap. Organizations must consider hiring for entry-level positions based on potential to perform well and add value to cybersecurity teams rather than only considering specialized IT-based competencies. By opening such roles to a whole new set of people, including women, organizations stand to gain better results.

When organizations resort to hiring esoteric profiles, they restrict cybersecurity product or service teams from considering factors beyond homogeneous perspectives while trying to determine possible anomalies in user behavior. Users and attackers will be from various backgrounds, genders, races, and ethnicities. Having a diverse cybersecurity team can help bring about a vivid understanding of user psychology and plug possible loopholes right from the outset. This is possible due to the various life experiences and thought processes a diverse team will bring to the table. This will in turn help predict possible anomalous behavior of users, and set the right detection rules.

**Fostering Inclusive Cybersecurity Teams Through Better HR Practices**

Organizations can make cybersecurity recruitment more inclusive by implementing best practices that specifically address issues that women face.

Tackling preconceived notions that recruiters have while hiring women, and avoiding the age-old question of work-life balance that all women face, would be a good place to start. This goes both ways. Some aspirants have a similar prejudice when it comes to the roles they believe exist in the cybersecurity field. When they think cybersecurity, they see an image of a man wearing a hoodie and hacking systems. This prevents them from exploring the wide range of opportunities the field has to offer, such as governance, risk, and compliance; incident management and response; and SOC teams.

There's a need for awareness among candidates aspiring to enter the cybersecurity industry. Addressing this is the joint responsibility of the organizations that run the industry and of the academic institutions that educate and train the candidates who constitute the workforce.

Despite women constituting a major part of the tech workforce, the challenges they face while entering the cybersecurity domain and once they are in the workplace continue to exist. It's time organizations address these challenges to provide a safer, more inclusive workplace for women, which in turn will benefit the productivity of their teams and ultimately improve the organization's security posture.

Diversity in Cybersecurity: Fostering Gender-Inclusive Teams That Perform Better

Scams pressure victims to "resolve an issue that could impact their status, business."

A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.

Last week alone, Malwarebytes Labs uncovered two phishing scams, targeting Twitter and Discord (a voice, video, and text chat app). The Twitter phishing scam sends users a direct message (DM) flagging their account for use of hate speech and requesting the user authenticate the account to avoid a suspension. Users are then redirected to a fake "Twitter help center," which asks for the user's login credentials.

The Discord phishing campaign sends users a message from friends or strangers accusing the user of sending explicit photos that are exposed on a server. The message includes a link to the purported server, and if the user wants to follow the link, they are asked to log in via QR code. If they do, the account will most likely be taken over by scammers, according to Malwarebytes. The message then gets sent to the user's friends from his or her account, perpetuating the phishing scam.

Patrick Harr, CEO at SlashNext, an anti-phishing company, says the Twitter and Discord attacks are a clever twist on the traditional social engineering scam to steal credentials. The best social engineering scams use fear or outrage to move the victim to act quickly without taking too much time to think "Is this a phishing scam?," he explains.

"In both cases, the users of Twitter and Discord are motivated to resolve an issue that could impact their status, business, or entertainment, which is why this phish is so effective," he notes.

Social media platforms are perpetual targets of phishing campaigns, using psychological manipulation to encourage victims to disclose confidential login credentials. The pilfered information is then used by malicious actors to hijack the user's social media accounts, or even gain access to their bank accounts.

But more importantly for enterprises, successful social media attacks on their employees can open the door to infiltration to the company network via the user’s infected device or abused credentials. "This means companies need a BYOD strategy that includes multichannel phishing and malware protection to protect social, gaming, and all messaging apps," Harr says.

**Fear and Urgency as Phishing Tools**

James McQuiggan, security awareness advocate at KnowBe4, explains social media phishes are effective because they use fear and urgency to get the victim to take an action they might not otherwise take. "A lot of the time, phishing attacks rely on the victim reacting to the email in an emotional state," he says. "The victim sees the email and responds without adequately checking the sender or the link."

An example is the threat of the social media account being suspended or a notice that the password has expired. When the victim clicks the link and visits the fake website, it looks exactly like the login page, and the user enters their credentials.

And if the user employs multifactor authentication (MFA) with the account, he says, the attacker can copy that session key to bypass the login and automatically gain access before the victim realizes it.

Attackers typically create high-pressure situations to increase their success rates. "If the target doesn't have time to think or feels pressured to act, they will likely overlook any red flags or gut reactions telling them not to engage," says Hank Schless, senior manager of security solutions at Lookout.

In the two incidents involving Discord and Twitter, Schless says, the attackers went for the integrity of the individual. "The public shame associated with hate speech or inappropriate behavior can be enough to get someone to act without thinking," he says.

**Remote Workforce Susceptible to Phishing**

McQuiggan points out remote workers have less in-person interaction with people around them and are less likely to share the experience or event with their co-workers sitting next to them.

"Suppose the organization isn't providing them with equipment from the organization," he says. "In that case, they will certainly be using their own devices and are more relaxed with them at home than with a machine from their organization."

It's not hard for cybercriminals to search LinkedIn or Twitter to see which users work for the public relations, marketing, or communications teams and then work to target them. He says spear-phishing is a top attack vector to get employees to click the links and "open the electronic front door" of the organization.

SlashNext’s Harr says training should include social engineering scams to demonstrate how personal interactions, such as social media interactions, can impact their work life. "However, we hear from customers that making policy adjustments restricting employees' use of mobile, social, or other personal apps is not well-received," he says. "In fact, asking employees to install managed security on their personal devices is also a non-starter."

McQuiggan says additional training is certainly one method of getting users aware of the various social media attacks. "Avoid relying on the links in the email and use it as an alert to check the account," he adds. "Use the application or a browser to log in and verify if an account is wrong or experiencing problems, as mentioned in the phishing email."

Organizations should employ mobile phishing protection across their entire user base — to both corporate-owned and personal devices, Schless recommends.

"Phishing credentials on mobile devices is typically how attackers can gain discreet access to the broader infrastructure and execute more advanced attacks like ransomware," he explains. "Protection against those more advanced attacks requires visibility into how users are accessing apps and data, then how they interact with that data."

**Phishing Attacks Just Won't Die**

Schless is also seeing a recent increase in voice phishing (vishing) and QR code phishing. "There could also be broader use of deepfake technology to impersonate an individual's voice or face in order to make the malicious communication even more convincing," he says.

Harr says social engineering phishing scams continue to be a serious problem for organizations. "We have seen an increase in requests for SMS and messaging protection as business text compromise, like its cousin business email compromise, is becoming a growing problem for an organization to detect and block."

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Security experts criticize company for reversing course, albeit temporarily, on a decision it made just this February to block macros in files downloaded from the Internet.

_Updated 5:19 p.m. EDT to include Microsoft's clarification that the change is temporary._ 

Several security experts expressed disappointment this week at Microsoft's quiet reversal Wednesday of a decision it had announced in February to disable Office macros in files from the Internet. Likely in response, Microsoft on Friday clarified that the rollback is only temporary while the company makes some additional changes to enhance usability.

In a brief — and barely noticeable — update Wednesday to the February announcement, the company originally said it was taking the step because customers wanted it to do so. "Based on feedback, we're rolling back this change from Current Channel," Microsoft said. "We appreciate the feedback we've received so far, and we're working to make improvements in this experience."

On Friday, the company revised the wording to make clear the rollback was not permanent. "This is a temporary change, and we are fully committed to making the default change for all users," Microsoft noted. The update noted that organizations that wanted to could block Internet macros through the Group Policy setting.

Macros allow users to automate commonly repeated tasks in Microsoft applications such as Word, PowerPoint, and Excel. But they have also long been a favorite attack vector for threat looking to deploy ransomware and other malware on Windows systems via phishing emails and other means. As a glaring example: in January 2022, just before Microsoft announced its decision to block macros from running by default, some 31% of all threats that Netskope blocked involved weaponized Office files.

"Macros in Microsoft Office have been a mixed blessing since their inception," says Mike Parkin, senior technical engineer at Vulcan Cyber. "While they provide a lot of functionality that users like and have leveraged in myriad ways, they’ve also been a popular attack vector since they were introduced."

Microsoft's February announcement that they were doing something about macros as an attack vector was welcomed by people in cybersecurity. So, its change of heart now is a bit disappointing, Parkin says. "While Microsoft has not yet said why they are rolling back the change, it seems likely it’s because users have come to depend on the functionality and would rather keep it in spite of the risk."

A Microsoft spokesman pointed Dark Reading to the company's updated update on the rollback when asked for comment.  

**The Macro Threat**

Microsoft itself has noted the threat that macros pose. In fact, as recently as April, the company urged Windows administrators to ensure Office macros are disabled in the environment to protect against macro malware. The company pointed to several ransomware families that attackers had distributed on Windows systems by abusing macros. Because of this, many security experts reacted with enthusiasm when Microsoft announced that macros from the Internet would be blocked by default in Office starting April 2022.

Starting with Office version 2203, users would no longer be able to enable content macros in files from the Internet by clicking a button, Microsoft had said. Instead, when they attempt to open a download or attachment from the Internet, a message would alert users them about the presence of VBA macros in the file and direct them to learn more about the potential risks associated with the file.

The change prompted a noticeable drop in Office-based attacks. According to Netskope, the percentage of Office malware detected by the company's cloud security platform has declined steadily since February 2022 and hovered at less than 10% for the last five months — compared with 35% a year ago.

Microsoft's reversal this week is going to result in a resurgence of Office malware, says Ray Canzanese, director of Netskope Threat Labs. "We are disappointed with the decision," Canzanese says. "Malicious Office documents are a major infiltration vector for attackers, being used to spread backdoors, info stealers, and ransomware."

Microsoft's decision suggests the company decided to prioritize the usability concerns of a vocal minority of customers over the security benefits inherent in disabling macros by default for all Office users, he says. "Instead of having users who preferred the old behavior opt-out of the enhanced security measure, users and admins will now have to opt-in," Canzanese says. "With this reversal, we expect Office documents to regain their previous popularity among attackers."

Ian McShane, vice president of strategy at Arctic Wolf, says disabling Office macros by default was a huge step forward in securing a tried and tested attack path for adversaries. Re-enabling macros now means Office users are less secure today than they were a week ago. McShane says it would have been better for Microsoft to have continued blocking macros by default than leaving it up to organizations to do it. via group policy settings. The multiple steps and settings that are often involved in doing this can be confusing, he says. 

Instead, the better approach would have been to let those who need macros to enable it via group settings. "Opt-in security benefits no one and is dangerous," he says.

Microsoft Reverses Course on Blocking Office Macros by Default

Fraudster allegedly passed off refurbished, modified Cisco equipment as new to hospitals, schools, and even the military.

The US Department of Justice has charged a Florida man for running a massive scheme that sold more than $1 billion in fraudulent Cisco networking equipment to unsuspecting customers.

Onur Aksoy of Miami, Fla., is accused of personally collecting millions off the scam, the DOJ said in a statement. The accused operated a company called "Pro Network Entities" that sold refurbished, rehabbed, and modified Cisco gear imported from China and Hong Kong along with fake yet convincing packaging, labels, and documentation.

The indictment for Aksoy said that victims who purchased the counterfeit hardware included hospitals, schools, government agencies, and the military, who were left with faulty, failing equipment.

The DoJ charged Aksoy with one count of conspiracy to traffic in counterfeit goods and to commit mail and wire fraud; three counts of mail fraud; four counts of wire fraud; and three counts of trafficking in counterfeit goods.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DoJ Charges CEO for Dealing $1B in Fake Cisco Gear

CHICAGO, July 8, 2022 /PRNewswire/ -- According to a research report "Security Orchestration, Automation and Response (SOAR) Market **by Offering (Platform & Solutions, Services), Application (Threat Intelligence, Network Forensics, Compliance), Deployment Mode, Organization Size, Vertical and Region - Global Forecast to 2027**," published by MarketsandMarkets™, the global SOAR Market size is expected to grow from an estimated value of USD 1.1 billion in 2022 to USD 2.3 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 15.8% from 2022 to 2027. As SOAR helps security team to fight against alert fatigue, growing incidents of phishing emails and ransomware is driving the market growth.

_Browse in-depth TOC on_ **"Security Orchestration, Automation and Response Market"****398 – Tables  
39 – Figures  
282 – Pages**

**Download PDF Brochure:** https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=176584778

**By offerings, services segment to grow at higher CAGR during forecast period**

Services involve support offered by security vendors to assist their customers to use and maintain security products efficiently. With the increasing sophistication in cyberattacks, organizations are adopting security services to address risks related to cyber threats as well as prevent them. The security services market is segmented across two major types: professional services and managed services. These services enhance the security portfolio of enterprises and safeguard their systems from unauthorized access, exploitation, and data loss. With the increasing digitalization and changing regulatory norms, customers need continuous guidance from SOAR implementation experts. This expertise gathered from managed services helps consumers design customized solutions for their business processes. MSPs also ensure customers are aware of the Return on Investment (RoI) on their security platform.

**By deployment mode, cloud segment to grow at higher CAGR during forecast period**

With the rapid digital transformation, organizations are changing their operating models and embracing cloud-based solutions. Cloud-based deployment offers several benefits to organizations, such as scalability and agility, reduce physical infrastructure, less maintenance cost, and 24/7 data accessibility from anytime, anywhere. Thus, organizations are adopting cost-effective SOAR solutions to prevent and protect volumes of data from cyberattacks. Cloud platforms automate all the process in an organization that falls short of staff to monitor security operations. These platforms also offer additional support and consulting services.

**Speak to Analyst:** https://www.marketsandmarkets.com/speaktoanalystNew.asp?id=176584778

**By Region, Asia Pacific to grow at a higher CAGR during the forecast period.**

Asia Pacific comprises some of the world's largest economies, such as China, India, Japan, and Australia. The cyber threat landscape in these countries is changing every day, with threats experienced by organizations increasing at an alarming rate. In 2021, the most targeted region for cyberattacks was Asia Pacific, it accounted for one in four cybersecurity attacks launched worldwide. The most incidents in the region were experienced by Japan, Australia, and India, where server access and ransomware were amongst the most popular forms of attacks. The type of threats faced by Asia Pacific countries is also changing and growing more complex each day. Asia Pacific is also proactively leading the charge in the development and adoption of many new technologies, including smart cities. As more and more technologies or complex projects are being taken up, the region also becomes increasingly vulnerable to more sophisticated threats. To address these increasing vulnerabilities, many companies are expanding into Asia Pacific. For example, Swimlane, a major vendor of SOAR has extended its cloud-based security automation into Asia Pacific Japan (APJ) amid momentous growth in region.

**Key Players**

Major vendors in the global **Security Orchestration, Automation and Response (SOAR) Market** include IBM (US), Cisco (US), Rapid7 (US), Palo Alto Networks (US), Splunk (US), Swimlane (US), Tufin (US), Fortinet (US), ThreatConnect (US), Trellix (US), Sumo Logic (US), Siemplify (US), LogRhythm (US), Resolve (US), Exabeam (US), manageEngine (US), KnowBe4 (US), D3 Security (Canada), Qvine (US), Cyware (US), LogicHub (US), Cyberbit (US), Logsign (Netherland), SIRP (UK), Tines (Ireland).

**Browse Adjacent Markets:** Information Security Market Research Reports & Consulting

**Related Reports**

Cybersecurity Market by Component (Software, Hardware, and Services), Software (IAM, Encryption, APT, Firewall), Security Type, Deployment Mode, Organization Size, Vertical, and Region (2022 - 2026)

Security Information and Event Management Market by Component, Application, Deployment Mode, Organization Size, Vertical (Information, Finance and Insurance, Healthcare and Social Assistance, Utilities), and Region - Global Forecast to 2025

**About MarketsandMarkets™**

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7500 customers worldwide including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their painpoints around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model – GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledge Store" connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets

This year's RSA Conference saw a strange mix of selling the future and the past — for good reason.

The show floor during the RSA Conference was a dizzying mix of vendors selling solutions ideal for a precloud world and vendors carving out new concepts. There was a bewildering list of acronyms that we knew and several we didn't. CSPMs, CWPPs, and CIEMs were joined by SSMP, CNAPP, and CDR. (Read this companion piece to learn what they mean.)

The main takeaway seemed to be "Secure the future, but don't neglect the legacy of the past" — which is surprisingly reasonable for the volatile and ephemeral world of cybersecurity. Mix that in with the global skills shortage and confusion in the world of talent and, as the title of this article says, welcome-back-to-the-future shock!

Why do we see this strange mix of selling the future and the past? Well, not every company has the same pressures and drivers, so consequently they can be at a different stage of technology transformation. Cloud natives and the growing ranks of "cloud immigrants" (those not born using the cloud but who fully embrace it) live in the 2020s. At the same time, some organizations are moving to enter the 1990s or perhaps 2000s, at least as far as IT security spending goes. People are buying their first SIEM or upgrading to a next-gen firewall, as well as trying to secure cloud-native and cloud-migrated applications and workloads. Different industry sectors have different dynamics, and this is reflected in their architectures and operations.

Back in 1970, the Boston Consulting Group created the paradigm of the four stages of product growth: question marks, stars, cash cows, and pets. The VPN market is a perfect example of the cash cow — larger than all of the cloud security markets combined but with a clearly visible end-of-life looming on the horizon. In contrast, many cloud security solution categories, such as CSPM, CIEM, and CWPP, are now firmly established as rising stars, with healthy innovation and growth being evident.

**Ubiquitous Buzzwords and Hidden Gems**

RSA Conference has always been about buzzword bingo. Extended detection and response (XDR) was everywhere, but the vendor offerings underneath the banner varied widely. XDR is a relatively new term, and the various analyst firms — and even individual analysts within the big firms — are arguing about what it means. This is even more true of zero trust (a phrase that also describes how many CISOs feel about vendor pitches and marketing). More mature detection and response technologies, such as endpoint detection and response (EDR) and network detection and response (NDR) are joined by cloud detection and response (CDR, which I have seen interpreted also as content disarm and reconstruction) and data detection and response (DDR). Managed detection and response (MDR) is an attempt by managed service providers to shed the reputation of simply being there to tell the customer they've been hacked, and to shift a little bit left of the crisis.  

Zero trust is a term that's become overused and is losing traction — however, it's still an integral part of the security landscape. Of course, it's debatable whether zero trust truly models the way that we interact as humans in our customer and supplier relationships, but it is a useful model for cybersecurity architects and engineers trying to reduce the hazard of unintentional connectivity between systems.

And when we talk about hype in cybersecurity, there is one specter that always lurks in the corner. Machine learning spent a good few years being breathlessly abused by excited salespeople, to the point when it seemed like we should expect it to magically inoculate our applications, straighten out our insider risk problems, manage our supply chain, and serve coffee afterward. The reaction this provoked was frustrated CISOs refusing point-blank to talk to any wide-eyed evangelist of the magic box. Thankfully, machine learning and artificial intelligence now provide solid solutions ready to be put into operation. Marketing efforts are focusing on realizable, evidence-backed assertions based on customer benefits, and this is converting into solid growth.

**What Did I Miss?**

Despite the fact that fraud is on the rise, there weren't that many fraud detection solutions. Perhaps their absence is an indication that CISOs are turning away from the dream of the fusion solution and deciding that despite evidence of attackers using cyberattacks in fraud schemes, it's too complex to overcome the corporate politics. 

Dedicated ransomware solutions were also remarkably absent. While CISOs may recognize the benefits of solutions specifically targeted at this huge problem, they need to be able to explain to the CFO why the malware solutions that have already been paid for aren't doing the job. I think that we are not seeing the full ransomware kill chain, as several threat research organizations are identifying links between ransomware, fraud attacks, and other cyberattacks.

Data security solutions seem to be becoming a component of other solutions, such as CWPP (for cloud), or other specific verticals, such as payment solutions, healthcare, and others that have compliance-driven privacy responsibilities. This is another example of how compliance drives security investment (and therefore, engineering and product development). It may be that, as more applications become fully cloud-centric, we will be expecting this capability to be provided natively within the cloud app itself.

It is surprising that Internet of Things/operational technology (IoT/OT) solutions remain thin on the ground. One colleague of mine suggested that the "s" in "things" stands for security, and it's not hard to see the truth behind that witticism. Security has always been driven by compliance and risk, and IoT/OT is still at the stage where design engineers and managers are seeking operational availability and connectivity. 

There appears to be little driving force in investing in secure cybersecurity solutions, despite the evident threat from unfriendly foreign powers, criminal gangs, and destructive activists. As many industrial control engineers say, it's all fun and games until some noxious glowing goo eats through the floor!

What's clear from the RSA Conference is that the industry is ready to use the lessons of the past to point us toward the future.

Source

DARKReading