CMS helps minimize the impact a cyberattack has on business operations, finances and reputation.

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- As organizations grow and evolve, so does the threat of cyberattacks. This creates the need to readily identify and protect critical security assets as part of an effective cyber strategy. To help clients strengthen their resiliency in this area, Optiv — the cyber advisory and solutions leader — today launched its new Cyber Recovery Solution (CRS) at the RSA Conference.

Optiv, the cyber advisory and solutions leader, has launched its Cyber Recovery Solution (CRS). Focused on protection and rapid recovery, CRS enables organizations to be resilient during data loss events and helps them get back to business faster.

Optiv's CRS helps organizations get back to business faster by providing strategic and tactical advisory and technology solutions for cyber readiness while enabling rapid recovery to a secure state. CRS identifies and prioritizes the protection of critical assets through automated workflows that backup business-essential data, systems, and applications and supports the implementation of a vaulted, data-isolated, air-gapped backup solution that reduces the risk of data loss.

**Key Benefits of CRS:**

*   **Business/technology alignment:** Identify, prioritize and build a cohesive connection between business and technology.
*   **Enhanced recovery:** Create custom playbooks, defined in advance of an incident, to enable rapid recovery to a secure state.
*   **Reduced risk of business impact:** Minimize the impact a cyberattack has on business operations, finances and reputation.
*   **Cyber resilience:** Build a framework that anticipates and efficiently responds to cyberattacks for better business continuity.

CRS is part of Optiv's holistic approach to cybersecurity and information technology, where business operations are connected with the technology that enables it. CRS is applicable to Zero Trust initiatives, Managed Extended Detection and Response (MXDR) capabilities, supports cyber insurance requirements and more. The application of CRS runs across all technology domains and security initiatives.

"Cyber resiliency is no longer just an IT problem. It's an opportunity for every organization, starting at the top, to implement tools like CRS to better identify threats while readily protecting its security posture," says David Martin, executive vice president and chief services officer at Optiv.

As part of CRS, Optiv works with clients to identify and classify mission-critical business processes, visualizes and prioritizes supporting systems, data and applications, and then develops step-by-step playbooks to quickly restore technology assets. This allows business operations to continue with minimal disruption when a cyberattack occurs. Organizations utilizing CRS can create a stronger cyber resilience framework.

"What matters most today is being able to reduce risk to your business from any threat, in any form" said Jessica Hetrick, senior manager, cybersecurity and enterprise resilience at Optiv. "CRS helps you proactively identify, prioritize and protect critical assets in your environment. This informs your ability to detect, respond and subsequently recover when a cyberattack happens — culminating in a truly resilient organization that can better withstand the most advanced cyber threats."

**Explore More About CRS:**

*   CRS Field Guide
*   CRS Infographic
*   CRS Service Brief
*   Video: CRS Explained

For the latest news and updates from Optiv, visit https://www.optiv.com/newsroom/. **Follow Optiv**  

https://www.optiv.com/explore-optiv-insights/blog

**Optiv Security:** **Secure greatness.™**

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to more than 7,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.

Optiv Launches Cyber Recovery Solution Focused on Protection and Rapid Recovery

New SmallID offering brings cloud-native data privacy and protection to organizations of all sizes.

SAN FRANCISCO, June 6, 2022 /PRNewswire/ -- BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security, and governance, today announced the availability of SmallID: the first pay-as-you-go cloud data security platform.

Now more than ever, the world runs on data - and it's difficult to have a clear understanding of all data assets across the company.  On top of that, evolving data protection and privacy regulations means that accumulating data without proactively protecting introduces more risk than ever. 

SmallID brings cloud-native data privacy and protection to organizations of all sizes, making it easy to find and mitigate risk across their entire cloud environment. Customers can easily reduce their attack surface, identify high-risk data, and automatically discover dark data across the cloud - without impacting business.  

Customers can now use the first on-demand cloud data security platform to manage their cloud risk posture, by benefitting from years of ML innovation from BigID, packaged up in a lightweight, on-demand platform in SmallID.

With SmallID, customers can:

*   Automatically discover and classify their data by sensitivity, type, regulation, policy, and more
*   Drastically reduce their attack surface
*   Identify shadow data and dark data
*   Improve security posture across the cloud
*   Simplify regulatory compliance with a data-first approach

"Cloud-native organizations leave themselves vulnerable to bad actors and a host of other complex issues when they don't have insight into what kind of data they are collecting," said Tyler Young, Chief Information Security Officer at BigID. "SmallID is a huge step forward for organizations of all sizes to have on-demand cloud protection that reduces the attack surfaces through allowing teams to identify and mitigate risk across their entire cloud environment."

Visit BigID at RSAC 2022 to see SmallID in action, or try it for free today.

**Learn more:**

*   Visit BigID's Data Protection HQ at RSAC2022 - save your spot
*   Visit SmallID-sponsored Cloud Data Security Panels June 7 & 8, with CISO led discussions from Amplitude, Blackstone, Clearsky Cybersecurity, Datadog, Highspot, Optiv, Relativity, Servicenow, ServiceTitan, Wiz, and more
*   Visit Booth #4529 in the North Expo Hall

**About BigID**

BigID's data intelligence platform enables organizations to know their enterprise data and take action for privacy, protection, and perspective. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, a Business Insider 2020 AI Startup to Watch, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.

BigID Introduces Cloud Data Security On Demand

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.

Return to List

Description

Severity

Notes

**Calico Enterprise & Calico OS are vulnerable to pod route hijacking**

Reference: TTA-2022-001

Date published: 2022-June-1

Medium

N/A

**Description**

Customers running Calico Enterprise and Calico OS are vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker is able to set a floating IP annotation to a pod even if the feature is not enabled. This allows the attacker to intercept and reroute traffic to their compromised pod.

CVE-2022-28224 has been assigned to this vulnerability.

**Severity**

MEDIUM

The validation on using floating IP can be bypassed by annotating the pod directly after pod creation. The routing will be reverted when the annotated pod is destroyed or the annotation is removed. This vulnerability requires the Kubernetes RBAC permission of \[“patch”, “pods”\] to annotate pods.

**Affected Releases**

*   Calico Enterprise v3.12 and below
*   Calico OS v3.22 and below

**Indicators of Impact/Compromise**

Review running pods and identify if floating IP annotations are present.

**Workaround / Remediation**

Review Kubernetes RBAC and review access to \[“patch”, “pods”\].

**Fixed Software**

*   Calico Enterprise
    *   V3.13.0 and above
    *   v3.12.1
    *   v3.11.4
*   Calico OS
    *   V3.22.2 and above
    *   v3.21.5
    *   v.3.20.5

**Acknowledgment**

We would like to acknowledge Aloys Augustin from Cisco for reporting this issue.

Return to List

CVE-2022-28224: Security Bulletins – TTA-2022-001

Randori’s attack-surface management software will be integrated into IBM Security QRadar extended detection and response (XDR) features.

RSA CONFERENCE 2022 – San Francisco – IBM plans to purchase attack-surface management firm Randori in a move that ultimately will expand IBM's extended detection and response (XDR) family of products to incorporate the "attacker's view" of the IT infrastructure.

The buy also will bolster IBM's X-Force with automated red-team functions and add to IBM's threat detection services within its Managed Security Services, the company said.

Randori, which is backed by Accomplice, .406 Ventures, Harmony Partners, and Legion Capital, offers visibility into on-premise and cloud exposure, including risk prioritization features. This is IBM's fourth acquisition of the year.

"Our clients today are faced with managing a complex technology landscape of accelerating cyberattacks targeted at applications running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises," said Mary O'Brien, general manager at IBM Security, in a statement. "In this environment, it is essential for organizations to arm themselves with attacker’s perspective in order to help find their most critical blind spots and focus their efforts on areas that will minimize business disruption and damages to revenue and reputation."

Financial terms were not disclosed. The deal is expected to close in the coming months, pending closing conditions and regulatory reviews.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

IBM to Buy Attack Surface-Management Firm Randori

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

Ransomware attacks, including those of the massively disruptive and dangerous variety, have proved difficult to combat comprehensively. Hospitals, government agencies, schools, and even critical infrastructure companies continue to face debilitating attacks and large ransom demands from hackers. But as governments around the world and law enforcement in the United States have grown serious about cracking down on ransomware and have started to make some progress, researchers are trying to stay a step ahead of attackers and anticipate where ransomware gangs may turn next if their main hustle becomes impractical.

At the RSA security conference in San Francisco on Monday, longtime digital scams researcher Crane Hassold will present findings that warn it would be logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks as ransomware becomes less profitable or carries a higher risk for attackers. In the US, the Federal Bureau of Investigation has repeatedly found that total money stolen in BEC scams far exceeds that pilfered in ransomware attacks—though ransomware attacks can be more visible and cause more disruption and associated losses. 

In business email compromise, attackers infiltrate a legitimate corporate email account and use the access to send phony invoices or initiate contract payments that trick businesses into wiring money to criminals when they think they’re just paying their bills.

“So much attention is being paid to ransomware, and governments all over the world are taking action to disrupt it, so eventually the return on investment is going to be impacted,” says Hassold, who is director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “And ransomware actors are not going to say, ‘Oh, hey, you got me’ and go away. So it’s possible that you would have this new threat where you have the more sophisticated actors behind ransomware campaigns moving over to the BEC space where all the money is being made.”

BEC attacks, many of which originate in West Africa and specifically Nigeria, are historically less technical and rely more on social engineering, the art of creating a compelling narrative that tricks victims into taking actions against their own interests. But Hassold points out that a lot of the malware used in ransomware attacks is built to be flexible, with a modular quality so different types of scammers can assemble the combination of software tools they need for their specific hustle. And the technical ability to establish “initial access,” or a digital foothold, to then deploy other malware would be extremely useful for BEC, where gaining access to strategic email accounts is the first step in most campaigns. Ransomware actors would bring a much higher level of technical sophistication to this aspect of the scams.

Hassold also points out that while the most notorious and aggressive ransomware gangs are typically small teams, BEC actors are usually organized into much looser and more decentralized collectives, making it more difficult for law enforcement to target a central organization or kingpin. Similar to Russia’s unwillingness to cooperate on ransomware investigations, it has taken time for global law enforcement to develop working relationships with the Nigerian government to counter BEC. But even as Nigeria has put more emphasis on BEC enforcement, countering the sheer scale of the scam operations is still a challenge.

“You can’t just cut off the head of the snake,” Hassold says. “If you arrest a dozen or even a few hundred of these actors, you’re still not making much of a dent.”

For ransomware actors, the most difficult aspect of transitioning to BEC scams would likely be the dramatic difference in collecting stolen money. Ransomware gangs almost exclusively collect victim payments in cryptocurrency, while BEC actors primarily use local networks of money mules in the markets where they launch their scams to launder fiat currency. Ransomware actors would need to plug into existing networks or invest in establishing their own in order to monetize BEC scams and have somewhere for the errant payments to go. Hassold points out, though, that as law enforcement becomes increasingly adept at tracing and freezing cryptocurrency payments—and as the value of cryptocurrencies continues to fluctuate wildly—ransomware actors may be motivated to learn new techniques and switch gears.

Crucially, Hassold notes that while he and his colleagues have not seen evidence of active collaboration between Eastern European ransomware gangs and West African BEC actors, he does see evidence on criminal forums and in active engagement with attackers that ransomware actors are interested in BEC and have been learning about it. Whether this exploration is simply for, ahem, professional enrichment, remains to be seen.

“All of these types of attacks are very serious and the stakes are very high, so it got me thinking about what things will look like in the future when ransomware eventually gets disrupted,” Hassold says. “It’s possible that these two threats on opposite sides of the cybercrime spectrum will converge in the future—and we need to be ready for that.”

The Hacker Gold Rush That's Poised to Eclipse Ransomware

Ransomware attacks, including those of the massively disruptive and dangerous variety, have proved difficult to combat comprehensively. Hospitals, government agencies, schools, and even critical infrastructure companies continue to face debilitating attacks and large ransom demands from hackers. But as governments around the world and law enforcement in the United States have grown serious about cracking down on ransomware and have started to make some progress, researchers are trying to stay a step ahead of attackers and anticipate where ransomware gangs may turn next if their main hustle becomes impractical.

At the RSA security conference in San Francisco on Monday, longtime digital scams researcher Crane Hassold will present findings that warn it would be logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks as ransomware becomes less profitable or carries a higher risk for attackers. In the US, the Federal Bureau of Investigation has repeatedly found that total money stolen in BEC scams far exceeds that pilfered in ransomware attacks—though ransomware attacks can be more visible and cause more disruption and associated losses. 

In business email compromise, attackers infiltrate a legitimate corporate email account and use the access to send phony invoices or initiate contract payments that trick businesses into wiring money to criminals when they think they’re just paying their bills.

“So much attention is being paid to ransomware, and governments all over the world are taking action to disrupt it, so eventually the return on investment is going to be impacted,” says Hassold, who is director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “And ransomware actors are not going to say, ‘Oh, hey, you got me’ and go away. So it’s possible that you would have this new threat where you have the more sophisticated actors behind ransomware campaigns moving over to the BEC space where all the money is being made.”

BEC attacks, many of which originate in West Africa and specifically Nigeria, are historically less technical and rely more on social engineering, the art of creating a compelling narrative that tricks victims into taking actions against their own interests. But Hassold points out that a lot of the malware used in ransomware attacks is built to be flexible, with a modular quality so different types of scammers can assemble the combination of software tools they need for their specific hustle. And the technical ability to establish “initial access,” or a digital foothold, to then deploy other malware would be extremely useful for BEC, where gaining access to strategic email accounts is the first step in most campaigns. Ransomware actors would bring a much higher level of technical sophistication to this aspect of the scams.

Hassold also points out that while the most notorious and aggressive ransomware gangs are typically small teams, BEC actors are usually organized into much looser and more decentralized groups, making it more difficult for law enforcement to target a central organization or kingpin. Similar to Russia’s unwillingness to cooperate on ransomware investigations, it has taken time for global law enforcement to develop working relationships with the Nigerian government to counter BEC. But even as Nigeria has put more emphasis on BEC enforcement, countering the sheer scale of the scam operations is still a challenge.

“You can’t just cut off the head of the snake,” Hassold says. “If you arrest a dozen or even a few hundred of these actors, you’re still not making much of a dent.”

For ransomware actors, the most difficult aspect of transitioning to BEC scams would likely be the dramatic difference in collecting stolen money. Ransomware gangs almost exclusively collect victim payments in cryptocurrency, while BEC actors primarily use local networks of money mules in the markets where they launch their scams to launder fiat currency. Ransomware actors would need to plug into existing networks or invest in establishing their own in order to monetize BEC scams and have somewhere for the errant payments to go. Hassold points out, though, that as law enforcement becomes increasingly adept at tracing and freezing cryptocurrency payments—and as the value of cryptocurrencies continues to fluctuate wildly—ransomware actors may be motivated to learn new techniques and switch gears.

Crucially, Hassold notes that while he and his colleagues have not seen evidence of active collaboration between Eastern European ransomware gangs and West African BEC actors, he does see evidence on criminal forums and in active engagement with attackers that ransomware actors are interested in BEC and have been learning about it. Whether this exploration is simply for, ahem, professional enrichment, remains to be seen.

“All of these types of attacks are very serious and the stakes are very high, so it got me thinking about what things will look like in the future when ransomware eventually gets disrupted,” Hassold says. “It’s possible that these two threats on opposite sides of the cybercrime spectrum will converge in the future—and we need to be ready for that.”

Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

Cisco Talos is monitoring reports of an actively exploited zero-day vulnerability in Confluence Data Center and Server. Confluence is a Java-based corporate Wiki employed by numerous enterprises. At this time, it is confirmed that all supported versions of Confluence are affected by this vulnerability.

**Vulnerability Details**

The vulnerability, CVE-2022-26134, is reportedly associated with command injection. An attacker could exploit this vulnerability to execute remote code and, per reports, is being actively exploited in the wild. The attacks delivered several payloads, including the in-memory BEHINDER implant as well as webshells, including China Chopper. In addition to the initial attacks outlined in the report, researchers confirmed additional, continued exploitation is ongoing. There is now a Proof of Concept (PoC) available so exploitation could increase in the near term.

The vulnerability itself appears to be an OGNL injection vulnerability specifically impacting the web server and can be exploited via an HTTP request. It appears that all HTTP methods are vulnerable as well. The exploitation appears to be relatively straightforward and should be resolved immediately either through patching or other mitigations.

**Mitigations**

Atlassian has released a set of patches to mitigate the vulnerability. Enterprises are encouraged to test and apply the patch immediately to mitigate the ongoing attacks, patched versions include: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1. Additionally, they have provided a series of steps to be performed to help mitigate the risk if the patches cannot be applied for any reason.

**Coverage**

Ways our customers can detect and block this threat are listed below.

Cisco Secure Endpoint (formerly AMP for Endpoints) is ideally suited to prevent the execution of the malware detailed in this post. Try Secure Endpoint for free here.

Cisco Secure Web Appliance web scanning prevents access to malicious websites and detects malware used in these attacks.

Cisco Secure Email (formerly Cisco Email Security) can block malicious emails sent by threat actors as part of their campaign. You can try Secure Email for free here.

Cisco Secure Firewall (formerly Next-Generation Firewall and Firepower NGFW) appliances such as Threat Defense Virtual, Adaptive Security Appliance and Meraki MX can detect malicious activity associated with this threat.

Cisco Secure Network/Cloud Analytics (Stealthwatch/Stealthwatch Cloud) analyzes network traffic automatically and alerts users of potentially unwanted activity on every connected device.

Cisco Secure Malware Analytics (Threat Grid) identifies malicious binaries and builds protection into all Cisco Secure products.

Umbrella, Cisco's secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs and URLs, whether users are on or off the corporate network. Sign up for a free trial of Umbrella here.

Cisco Secure Web Appliance (formerly Web Security Appliance) automatically blocks potentially dangerous sites and tests suspicious sites before users access them.

Additional protections with context to your specific environment and threat data are available from the Firewall Management Center.

Cisco Duo provides multi-factor authentication for users to ensure only those authorized are accessing your network.

Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Talos created the following Snort coverage for CVE-2022-26134:

**SIDs: 59925-59934**

Threat Advisory: Atlassian Confluence zero-day vulnerability under active exploitation

Gurucul automating threat detection, investigation and response (TDIR) with advanced analytics, comprehensive threat content, and a flexible enterprise risk engine for hybrid and multi-cloud environments.

RSAC 2022, Gartner SRM 2022, and Los Angeles, Calif. – Jun 2, 2022 – Gurucul, the leader in Next-Gen SIEM, XDR, UEBA and Identity Access Analytics, today announced availability of the Gurucul Security Analytics and Operations Platform. A cloud-native, unified and modular platform for consolidating core security operations center (SOC) solutions with the vital addition of Identity Threat Detection and Response (ITDR) provides a unified next-gen SOC platform. The Gurucul platform converges the company’s award winning Next-Gen SIEM, XDR, User and Entity Behavior Analytics (UEBA), Network Traffic Analysis (NTA), Security Operations and Automation Response (SOAR), and Identity Access Analytics (IAA) into a single pane of glass that is aligned with the evolving needs of the modern enterprise threat landscape – where identity has become the new perimeter.

Gurucul’s innovative platform is purpose-built to automate and accelerate data collection, event and alert correlation, detection triage, investigation, and response to targeted attacks. It combines threat intelligence with an enterprise-class risk engine, delivering precise contextual detections, prioritized investigation, and risk-driven response actions that drastically reduce mean-time-to-detection (MTTD) and mean-time-to-response (MTTR). Gurucul’s platform can also support the most complex deployments including on-premise, hybrid, and cloud (SaaS, private, GovCloud, and multi-cloud including multi-tenancy), addressing the needs of today’s modern enterprise and managed detection and response (MDR) providers.

With increased sophistication around phishing, social engineering, credential theft, and supply chain attacks, it is more important than ever to go beyond current solutions that are overly concerned with endpoint security and focus on securing identities attached to multiple entities and devices. Based on remote work risks, accelerated cloud migration, and state-sponsored threat actor groups, there has been an increase not only in targeted and organized attack campaigns, but also insider risks and threats.

“The combination of an expanding attack surface with limited resources and constantly changing tools and techniques drives security operations teams’ need for a comprehensive and consolidated platform approach. While the endpoint is critical, we must understand and work to secure the one constant, identity, which requires a new and innovative approach to threat detection, investigation and response programs,” said Saryu Nayar, CEO of Gurucul. “Early and rapid detection occurs with a full set of endpoint, network, application, identity, cloud, and IoT telemetry context along with advanced analytics, including behavioral-based, and an extensive set of trained machine learning models. Gurucul has spent over 10 years developing specialized analytics and threat content that comprehensively covers all these datasets to eliminate manual tasks and enables automation across every stage of the security operations lifecycle.”

As organizations are transforming their SOC to support multi-cloud deployments and zero trust programs, they are looking for an end-to-end solution to help them improve security analyst effectiveness in rapidly identifying and confirming, not just threats and alerts, but the entire attack campaign. While other SIEM or XDR solutions are just starting to scratch the surface of identity, Gurucul has been a provider of Identity Analytics solutions for over a decade with robust access analytics, broad integrations with various identity systems such as IAM, PAM, HRMS, CMDB, IDaaS etc., and risk-based access remediation and authentication. In conjunction with its UEBA capabilities, Gurucul helps customers get an understanding of current-state identity access and authorization policies, and access usage anomalies and risk exposures, to plan out a robust and secure zero trust strategy. The Gurucul platform is a critical part of any ongoing zero trust program as it will continuously monitor for anomalous user behaviors, access proliferation, and access misuse/violations, ensuring zero trust policies are not being evaded by either insider or external threat actors.

"Gurucul has detection and response capability for the entire cyber kill chain, covering a range of data telemetry across complex and distributed multi-cloud deployments as well as the enterprise," said Nilesh Dherange, CTO of Gurucul. “We’ve invested over a decade in building the most powerful suite of solutions in a single platform enabling real-time threat detection, investigation, and response for our customers with a quick ROI. The addition of identity and access based threat detection to its robust TDIR capabilities powered by advanced ML models, positions Gurucul to provide innovative solutions that address the ever-changing SOC needs.”

The Gurucul platform uniquely provides a set of core capabilities that goes beyond current Next-Gen SIEM and XDR solutions that are critical in improving security operations effectiveness, including:

*   Deployment Options – On-premise, hybrid, cloud (including SaaS, private, GovCloud, and multi-cloud).
*   Multi-Cloud Threat Detection, Investigation, and Response – Real-time data ingestion, correlation, analytics, detection, and risk driven response across multiple clouds.
*   Automated Data Pipeline – An Automated Data Interpretation Engine to ingest structured and unstructured data from any source.
*   Gurucul STUDIOTM – Advanced and fully customizable analytics that include transparent machine learning models to accommodate custom use cases.
*   Enterprise-Class Risk Engine – All-encompassing analytics-driven risk scoring to accelerate investigation with high-fidelity alerts and automated responses.
*   Threat Intel & Content – The largest library of threat models, MITRE ATT&CK coverage, and curated threat intelligence powered by Gurucul Threat Labs™.
*   Gurucul MinerTM – Contextual raw and normalized search across all data silos.
*   Risk Driven Security Control Automation – Out of the box case management, playbooks, workflows, and downstream integrations with the ability to customize.
*   Identity Threat Detection and Response – Identity-centric context across enterprise and multi-cloud environments, reduced identity and access threat plane, and automated threat detection early in the kill chain.

**Availability and Pricing**

The Gurucul platform is modular, delivering customized capabilities to match individual customer requirements. This includes full multi-tenancy, data segregation, flexible policy control and rapid scaling, especially suited for MDR providers. Customers can start with a single module and expand as needed with a simple license change, building towards a unified platform with no data replication or need to start over. Gurucul offers the following packaged software solutions including Next-Gen SIEM, Open XDR, UEBA, Identity Access Analytics that include or can be delivered with Network Traffic Analysis (NTA), Security Orchestration, Automation and Response (SOAR), and Fraud Analytics as stand-alone or add-on options. Gurucul’s Security Analytics and Operations Platform is available immediately from Gurucul and its business partners worldwide.

To learn more visit www.gurucul.com, or see a demo at the RSA Conference 2022 in San Francisco, Calif., June 6-9 at Booth #1443 or at Gartner SRM 2022 in National Harbor, MD, June 7-10 at Booth #1113.

**About Gurucul**

Gurucul is a global cyber security company that is changing the way organizations protect their most valuable assets, data and information from insider and external threats both on-premises and in the cloud. Gurucul’s real-time Cloud-native Next-gen Security Operations Platform provides customers with Open XDR, Next Generation SIEM, UEBA, and Identity Analytics. It combines machine learning behavior profiling with predictive risk-scoring algorithms to predict, prevent, and detect breaches. Gurucul technology is used by Global 1000 companies and government agencies to fight cybercrimes, IP theft, insider threat and account compromise as well as for log aggregation, compliance and risk-based security orchestration and automation for real-time extended detection and response. The company is based in Los Angeles. To learn more, visit https://gurucul.com/ and follow us on LinkedIn and Twitter.

###

Gurucul Launches Cloud-Native SOC Platform Pushing the Boundaries of Next-Gen SIEM and XDR with Identity Threat Detection and Response

RSA pivots to exclusive focus. Identity is once again the ‘beating heart’ of RSA.

BEDFORD, MA – June 1, 2022 – RSA, a global leader in identity and access management (IAM) solutions for the planet’s most security-sensitive organizations, approaches the RSA Conference in San Francisco as an organization well into a dynamic transformation, with significant announcements to make.

First among them is the company’s decision to simplify and streamline its focus and brand architecture. RSA pioneered multi-factor authentication and RSA SecurID is the most widely deployed MFA offering trusted by security-first organizations across the globe. While identity has always been central to RSA’s mission, the company has also been involved in adjacent cyber modalities. No longer: going forward those organizations focusing on integrated risk management, threat detection and response, and omnichannel fraud prevention will grow as independent companies with their own brands.

RSA’s leadership has made the decision to return to its roots and focus the RSA brand on identity. The rationale behind this shift is straightforward. RSA believes identity is the most consequential threat vector in cybersecurity and RSA is best positioned to help customers with this challenge. In addition, the RSA brand will remain affiliated with RSA Conference: the world’s preeminent conference and community for cybersecurity professionals and now an independent business.

RSA also announced the availability of an innovative new SaaS solution suite named ID Plus, a complete and flexible IAM platform offering customers the choice of cloud, on-prem and hybrid deployments. With this announcement, RSA has simplified its IAM offerings to just two brands: ID Plus and SecurID.

“We’ve accelerated a shift into being an identity-first company serving security-first customers,” said Rohit Ghai, CEO of RSA. “We’re transforming into a much more customer experience-driven organization. And we’ve leaned heavily into innovation,” continued Ghai. “We’re making tectonic-level enhancements throughout the company, and with our commitment to hyperfocus on identity we can meet our customers wherever they are on their journey to zero trust.”

RSA’s announcement will dramatically improve customer experience by greatly simplifying both the purchase and adoption of the ID Plus portfolio. The company has introduced 3 new subscription-based pricing plans with a powerful array of options that can be flexibly deployed in the cloud, on-prem or hybrid. Customers can easily adjust their deployments as their needs change. Each plan can lower a customer’s upfront costs in a meaningful way and provide customers with greater budgeting predictability. Simple and effective.

Also, at the RSA Conference, the company is introducing a truly game-changing new cloud product within the ID Plus portfolio: the DS100, a hardware authenticator specifically designed to serve RSA’s customers who have embraced a zero trust posture.

The DS100 is the first ever and only passwordless, multi-functional security solution that can dramatically enhance user experience while lowering total cost of ownership. It is the first cloud-enabled authenticator that marries the cryptographic advantages of FIDO protocols with the security benefits of a one-time password solution, a category where RSA has long been the gold standard. Unlike any other authenticator, the DS100 works plugged in or unplugged, making it the perfect, flexible authentication solution.

The DS100 is only the first of 6 or more new cloud based-solutions the company will introduce in the balance of 2022.

“Our product team is well-beyond simply ‘excited’ about the new ID Plus portfolio and the DS100,” said Jim Taylor, RSA’s Chief Product Officer and the company’s most-likely-to-geek-out-about-new-stuff person. “Everything we do is in service to the customer experience and to innovating exponentially, as RSA has done since its inception. These 2 new solutions are additional proofs of this dual emphasis.”

The company points to its new ownership as a powerful catalyst of the transformation taking place throughout RSA. In 2020, a group led by STG (Symphony Technology Group) purchased RSA. Clearlake Capital later joined the consortium to invest in the next phase of the company’s transformation.

“RSA has consistently delivered shareholder value by being a Rule of 40+ company. And the advantages inherent in RSA now being independent cannot be overstated,” said CEO Ghai. “We’re part of an organization that’s bullish about and focused on identity and cybersecurity. And we’re surrounded by a community of investors and advisors who feel the same. Truly a Virtuous Circle.”

RSA was founded by 3 pioneering MIT mathematicians who invented the RSA cryptosystem, laying the foundation for all secure data communications. Today RSA is a global leader laser-focused on identity and access management, reflecting the company’s belief that assuring digital identities throughout their lifecycle is of preeminent importance in cybersecurity. RSA focuses on serving the planet’s most security-sensitive organizations, with specialties in federal government, financial services, healthcare, energy and technology services. www.rsa.com

New Cloud Pricing and Products Proof of RSA’s Transformation

Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

COOKEVILLE, TENN. (PRWEB) JUNE 02, 2022

As cyberthreats continue to expand and progress worldwide, the need for qualified cybersecurity professionals is increasing with experts predicting there will be 3.5 million cybersecurity jobs open by 2025, a 350% increase over eight years. Microsoft Philanthropies is expanding its cybersecurity skills for jobs campaign to 23 countries and partnering with Women in CyberSecurity (WiCyS) to build a cybersecurity workforce that is not just larger but also more diverse.

The expansion will include: Australia, Belgium, Brazil, Canada, Colombia, Denmark, France, Germany, India, Ireland, Israel, Italy, Japan, Korea, Mexico, New Zealand, Norway, Poland, Romania, South Africa, Sweden, Switzerland, and the United Kingdom.

The countries were chosen because of an elevated cyberthreat risk, gap in the workforce and lack of diversity. One of the traditionally excluded populations Microsoft wants to provide opportunities for are women, who are significantly underrepresented. In the countries where Microsoft expanded its cybersecurity skilling campaign, only 17% of the cybersecurity workforce are female. Microsoft is working to understand the skills gap, offering free training, helping train more teachers, and providing more support to diverse and underserved job seekers, which is where WiCyS will help.

WiCyS is working to expand its student chapters in the 23 countries by promoting the retention and advancement of women in cybersecurity. WiCyS has over 5,700 members worldwide, including several in those countries Microsoft is trying to engage. WiCyS also has over 160 student chapters, largely in the U.S.

WiCyS student chapters receive funding, access to resources and conferences as well as networking opportunities for both students and faculty advisors. The group of women, men, allies, and advocates meets monthly to participate in CTFs, hackathons, engage in cyber trivia, and learn new technical skillsets. Other events include hosting resume workshops, mock interviews, career development panels, speed networking events and more.

“Thanks to this collaboration, WiCyS seeks to expand our global cyber sisterhood far and wide,” said Lynn Dohm, WiCyS executive director. “While WiCyS works to ensure equity in the gender imbalanced cybersecurity workforce, the student chapter initiative creates a community on campuses so that women are retained in their field of study, grow their network, and have a reliable gateway for future advancement opportunities.”

For more information on the Microsoft Philanthropies Global Student Chapter Initiative, visit http://www.wicys.org/initiatives/wicys-global-student-chapter-initiative-made-possible-by-microsoft-philanthropies/

**About WiCyS:**  
Women in CyberSecurity (WiCyS) is a nonprofit organization with international reach dedicated to the recruitment, retention and advancement of women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities, trainings, events, and resources for its members. Strategic partners include Tier 1: Amazon Web Services, Bloomberg, Carnegie Mellon University – Software Engineering Institute, Cisco, Fortinet, Google, Intel, Lockheed Martin, Meta, Microsoft, Optum, Sandia National Laboratories, SentinelOne. Tier 2: Abbvie, JPMorgan Chase & Co., Linkedin, McKesson, Navy Federal Credit Union, Nike, Wayfair, Workday. To partner, visit https://www.wicys.org/support/strategic-partnerships/.

Tag

#cisco