**LONDON, 11 July, 2022 –** Global research and advisory firm Omdia today unveils its Data Center Thermal Management and Sustainability Intelligence Service. The new annual service offers technology manufacturers, vendors and service providers comprehensive insight and analysis of sustainable data center practices and strategies, with a focus on new technologies such as liquid cooling and energy storage.

Increasing compute requirements continue to drive data center development requiring new approaches to thermal management. At the same time, data center operators and end-users are looking for data centers with sustainability credentials and are making purchasing decisions based on the presence of practices that reduce greenhouse gas emissions.

“While the use of air-cooled equipment dominates data centers today, liquid cooling solutions are gaining interest because they improve the power-to-cooling ratio, address new workload needs and help to achieve sustainability goals. Omdia predicts the liquid cooling market will top $1 billion in 2025,” said Moises Levy, PhD, Senior Principal Analyst, Data Center Physical Infrastructure, Omdia.

Levy added, “The data center thermal management market, which includes the liquid cooling market, is on track to reach $7.7 billion by 2025. The adoption of hybrid solutions involving air and liquid cooling will continue to increase globally in data centers, driven by energy consumption concerns and sustainability goals.”

Through market trends, surveys and reports as well as analyst insights and briefings, the Data Center Thermal Management and Sustainability Intelligence Service will help to:

*   Understand data center investment enabling sustainability
*   Compare and contrast the actions and practices of data center operators
*   Outline ways to improve resource efficiency
*   Offer thermal management strategies and insights into strategy evolution
*   Follow key trends such as AI-based analytics for data center management, equipment renewal, reuse and more

To learn more about the Data Center Thermal Management and Sustainability Intelligence Service please click here.

**ABOUT OMDIA**

Omdia is a leading research and advisory group focused on the technology industry. With clients operating in over 120 countries, Omdia provides market-critical data, analysis, advice, and custom consulting.

Omdia was formed in 2020 following the merger of IHS Markit, Tractica, Ovum and Heavy Reading. Sitting at the heart of the Informa Tech portfolio, Omdia reaches over four million technology decision makers, influencers and practitioners that form part of the wider Informa Tech community and has specialist research practices focusing on Enterprise IT, AI, Internet of Things, Communications Service Providers, Cybersecurity, Components & Devices, Media & Entertainment and Government & Manufacturing.

Omdia: Sustainability Ranks Top on Data Center Operators’ Agendas Despite Cost and Reliability Barriers

The pro-Russian group Killnet is targeting countries supporting Ukraine. It has declared "war" against 10 nations.

The attacks against Lithuania started on June 20. For the next 10 days, websites belonging to the government and businesses were bombarded by DDoS attacks, overloading them with traffic and forcing them offline. “Usually the DDoS attacks are concentrated on one or two targets and generate huge traffic,” says Jonas Sakrdinskas, acting director of Lithuania’s national cybersecurity center. But this was different.

Days before the attacks started, Lithuania blocked coal and metal from being moved through its country to the Russian territory of Kaliningrad, further bolstering its support for Ukraine in its conflict with Russia. Pro-Russian hacker group Killnet posted “Lithuania are you crazy? 🤔” on its Telegram channel to 88,000 followers. The group then called on hacktivists—naming a number of other pro-Russian hacking groups—to attack Lithuanian websites. A list of targets was shared.

The attacks, Sakrdinskas explains, were continuous and spread across all areas of daily life in Lithuania. In total more than 130 websites in both the public and private sectors were “hindered” or made inaccessible, according to Lithuania’s government. Sakrdinskas says the attacks, which were linked to Killnet, have mostly dropped off since the start of July, and the government has opened a criminal investigation.

The attacks are just the latest wave of pro-Russian “hacktivist” activity since the start of Vladimir Putin’s war in February. In recent months Killnet has targeted a growing list of countries that have supported Ukraine but are not directly involved in the war. Attacks against websites in Germany, Italy, Romania, Norway, Lithuania, and the United States have all been linked to Killnet. The group has declared “war” on 10 nations. The targeting often happens after a country offers support for Ukraine. Meanwhile XakNet, another pro-Russian hacktivist group, has claimed to have targeted Ukraine’s biggest private energy company and the Ukrainian government.

While security experts have frequently warned that attacks from Russia could target Western countries, the efforts of volunteer hacktivist groups can have an impact without being officially backed or conducted by the state. “They definitely have malicious intent when they conduct these attacks,” says Ivan Righi, a senior cyberthreat intelligence analyst at security firm Digital Shadows who has studied Killnet. “They're not working together with Russia but in support of Russia.”

Killnet started as a DDoS tool and was first spotted in January this year, Righi says. “They were advertising this app or this website, where you could hire a botnet and then use it to launch DDoS attacks.” But when Russia invaded Ukraine at the end of February, the group pivoted. The vast majority of Killnet’s efforts and those of its “legion” group—members of the public who are asked to join and launch attacks—have been DDoS attacks, Righi says, but he has also seen the group linked to some website defacements, and the group itself has made unverified claims that it has stolen data.

Its Telegram channel, where it makes political statements and talks about targets, was created at the end of February and has grown in popularity, with the number of members doubling since May. “They began to gain a lot of popularity from the public in Russia,” Righi says. Righi says it produces slick promotional videos and sells its own merchandise.

While DDoS attacks aren’t sophisticated, they “will still be able to create uncertainty in the population and give the impression that we are a piece in the current political situation in Europe,” said Sofie Nystrøm, the head of Norway’s NSM cybersecurity agency, in a statement after businesses in the country were targeted by DDoS attacks at the end of June.

Russia has long been home to cybercriminals such as ransomware groups, which the country has largely ignored as long as they don’t target companies in Russia. Simultaneously, Russian military hackers have stirred global chaos for years—causing electricity blackouts in Ukraine, hacking the Olympics, and conducting the worst cyberattack in history. Evidence against state-backed Russian hackers has been piling up since the start of the war, though Russia has consistently denied launching cyberattacks around the world. The Russian embassy in the United States did not immediately respond to a request for comment.

In April, cybersecurity officials in the US, Australia, Canada, New Zealand, and the UK warned against the potential damage that pro-Russian groups, including XakNet and Killnet, could cause. While it is not clear who is behind Killnet or whether the group is backed by the Russian state, one other notorious Russian hacktivist group has been linked to the Kremlin. At the end of June, US cybersecurity company Mandiant, as first reported by Bloomberg, said Russian intelligence operatives had passed stolen information to XakNet. Ukrainian officials have also pinned attacks on DTEK, the country’s largest private energy firm, on XakNet. (The group has posted about DTEK multiple times in its 36,000-subscriber Telegram channel.)

“We've seen a number of groups emerge in the context of the Russian invasion of Ukraine,” says Alden Wahlstrom, a senior analyst at Mandiant. “XakNet and Killnet both have questionable provenance.” Wahlstrom says any claims of hacktivism should be approached with “a healthy dose of skepticism” and that Russian intelligence agencies have an “established history of using cutout groups” for cyberactivities. Last week the Trickbot cybercriminal group—which is made up of multiple smaller groups like the Conti ransomware group, and has links to the Russian state—was spotted by IBM targeting Ukraine for the first time. IBM describes the move as a “huge shift” in the group’s behavior.

XakNet has claimed it is not being directed by the Russian government. In one Telegram post responding to Mandiant’s findings, it said it “fully” supports the Kremlin’s position and acknowledges its activities aren’t legal. It said it does not cooperate with Russia’s FSB security service “at the moment” but is “happy to provide data to those who ask.”

It is possible there are some connections among Russian hacker groups themselves. In multiple instances, Wahlstrom says, they have cross-posted about other groups’ work on their Telegram channels. For instance, when Killnet called for Lithuania to be targeted it posted a message asking for help from XakNet, Russian ransomware groups, and other pro-Russian hacking groups.

“XakNet and Killnet have given a decent amount of media interviews in the Russian media space, which is a reason to at least consider that there is a potential dual component to some of this activity,” Wahlstrom says. “They are helping to advance Russian interests abroad, either in Ukraine or further afield, but on the flip side they're being heavily promoted in the Russian media as groups that are displays of these patriotic volunteers that embody support for Russian government decisions.”

Killnet responded to a request for comment by saying it was “no longer friends” with XakNet. “Our enemy is your government bro,” the group says. “But we are not dangerous to ordinary people.”

DDoS attacks have been prominent in Ukraine, too. Officials there created a volunteer IT army, where people from around the world can help launch attacks against Russian targets. The IT army has claimed to take down, at least temporarily, the websites of Russian government departments, food delivery services, and banks—one of Putin’s speeches last month was delayed by an hour after the IT army attacks. Attacks against Russia have also come from hacktivist groups outside of Ukraine, such as Anonymous.

Ultimately, as Russia’s war against Ukraine continues, the activity of pro-Russian cyber groups continues to be in line with Russian aims. “Moscow has kept its relationship with Russia-based hacktivist groups deliberately ambiguous,” says Emily Harding, deputy director of the international security program at the Center for Strategic and International Studies, a US-based think tank. “Moscow’s security services know who these operators are and will use some form of leverage to force them to cooperate when needed.”

Harding says analysts have continuously predicted that Russia would use “deniable tools” and groups to react against countries that support Ukraine. While DDoS attacks may not be sophisticated, they contribute to this effort. And if attacks by so-called hacktivist groups become more advanced, there’s a greater chance they could cause more damage or risk escalation of the conflict. “The risk of miscalculation is real,” Harding says. “No one has yet really tested the limits of cyber operations without causing escalation.”

Russian ‘Hacktivists’ Are Causing Trouble Far Beyond Ukraine

CISA warns of an unusual ransomware.
The post North Korean APT targets US healthcare sector with Maui ransomware appeared first on Malwarebytes Labs.

State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health (HPH) sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory (CSA) from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury.

CISA Director Jen Easterly also announced the CSA on Twitter.

The FBI started responding to incidents involving Maui in May 2021. This ransomware, which threat intelligence firm Stairwell first profiled, is relatively new.

> North Korean state-sponsored cyber-actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods.
> 
> – CSA Alert (AA22-187A)

Unlike the ransomware we usually see, that plagues organizations and regularly hits the news, Maui is never sold or offered to affiliates as a ransomware-as-a-service (RaaS) tool. It is, instead, developed and used privately for state-backed actors.

Most notably, attackers operate Maui manually. This is on purpose, so attackers have more control over which files to encrypt when Maui is executed.

“When executed at the command line without any arguments, Maui prints usage information, detailing supported command-line parameters,” Stairwell Principal Research Engineer Silas Cutler wrote in the report. “The only required argument is a folder path, which Maui will parse and encrypt identified files.”

“Embedded usage instructions and the assessed use of a builder is common when there is an operational separation between developers and users of a malware family.”

Maui also has other unusual features—it doesn’t drop a ransom note, and uses a three-layer encryption methodology reminiscent of Conti and ShiOne.

“Instead of relying upon external infrastructure to receive encryption keys, Maui creates three files in the same directory it was executed from containing the results of its execution. These files are likely exfiltrated by Maui operators and processed by private tooling to generate associated decryption tooling,” Cutler said.

The FBI shared the indicators of compromise (IOCs) in its advisory.

Malwarebytes detects Maui ransomware as Ransom.Maui.

**Dealing with Maui ransomware**

The advisory also provides mitigation steps organizations can to prepare for, or deal with attacks using Maui ransomware. Thankfully, although Maui may be a little different from run-of-the-mill ransomware, the steps to protect against it are not:

*   Maintain off-site, offline backups of data and test them regularly.
*   Create a cybersecurity response plan.
*   Keep operating systems, applications, and firmware up to date.
*   Disable or harden remote desktop protocol (RDP).
*   Require multi-factor authentication (MFA) for as many services as possible.
*   Require administrator credentials to install software.
*   Report ransomware incidents to your local FBI field office.

The various agencies involved also made it clear, once again, that they strongly discourage victims from paying ransoms. It does not guarantee you will get your data back, does not free you from recovery costs (because you still have to harden your system against the next attack), and it marks you as a target for repeat attacks.

Stay safe!

North Korean APT targets US healthcare sector with Maui ransomware

Researchers have given the world a glimpse of how the FBI's An0m devices were able to eavesdrop on criminals.
The post How the FBI quietly added itself to criminals’ instant message conversations appeared first on Malwarebytes Labs.

Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence.

**Operation Trojan Shield**

The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish Police Authority (Polisen), in cooperation with the US Drug Enforcement Administration (DEA) and 16 other countries, carried out one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities with the support of Europol.

We wrote about the 800 arrests that were made with the help of the backdoored phones. Law enforcement agencies around the world have long campaigned for encryption backdoors, so they can see what criminals are saying to each other. End-to-end encryption hides the content of messages from unauthorized readers, so that only the sender at one end and the receiver at the other end (or, more precisely, the sending and receiving devices) can read the content.

Unable to break the encryption of messages as they pass from one device to another, the FBI and the Australian Federal Police (AFP) came up with an ingenious plan. They decided to put themselves on the sending and receiving devices, by creating a phone they could eavesdrop on, and then marketing it to criminals as a secure device ideally suited to the demands of organized crime.

To that end, the FBI became secretly involved in An0m, a company that was working on an early version of an app to enable end-to-end encrypted communication.

**New information**

Despite several requests from defense lawyers on behalf of some of the arrested suspects, the source code of An0m was kept secret. When asked for comment, the San Diego FBI told Motherboard in a statement that

> “We appreciate the opportunity to provide feedback on potentially publishing portions of the Anom source code. We have significant concerns that releasing the entire source code would result in a number of situations not in the public interest like the exposure of sources and methods, as well as providing a playbook for others, to include criminal elements, to duplicate the application without the substantial time and resource investment necessary to create such an application. We believe producing snippets of the code could produce similar results.”

By buying an An0m device from the secondary market after the law enforcement operation was announced, and a copy of the An0m APK as a standalone file, Motherboard started digging into the code.

Without revealing much of the source code, to protect various contributors that very likely had no idea what they were working on, the decompiled source code is described as if it was thrown together in a hurry. Apparently the app was based on an existing messaging app, and freely available online tools were added to complete the intelligence gathering capabilities.

**An extra end**

What does become clear form the revealed code is how the law enforcement agencies were able to eavesdrop on the end-to-end encrypted messages. They simply added an extra end to each conversation. You could compare this to a BCC contact in an email. Only in this case both the sender and the receiver had no idea that there was another end that was able to read the encrypted messages.

The app uses Extensible Messaging and Presence Protocol (XMPP), an open communication protocol designed for instant messaging, presence information, and contact list maintenance. XMPP works by having each contact use a handle that in some way looks like an email address. For An0m, these included an XMPP account for the customer support channel that An0m users could contact. Another of these was “bot”. And bot was a hidden or “ghost” contact that made copies of Anom users’ messages. Unlike the support channel, bot hid itself from Anom users’ contact lists and operated in the background. In practice the app scrolled through the user’s list of contacts, and when it came across the bot account, the app filtered that out and removed it from view so the end users could not see they were sending extra copies to a third party.

How the FBI quietly added itself to criminals’ instant message conversations

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 1 and July 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Roundup for July 1 to July 8

CHICAGO, July 8, 2022 /PRNewswire/ -- According to a research report "Security Orchestration, Automation and Response (SOAR) Market **by Offering (Platform & Solutions, Services), Application (Threat Intelligence, Network Forensics, Compliance), Deployment Mode, Organization Size, Vertical and Region - Global Forecast to 2027**," published by MarketsandMarkets™, the global SOAR Market size is expected to grow from an estimated value of USD 1.1 billion in 2022 to USD 2.3 billion by 2027, at a Compound Annual Growth Rate (CAGR) of 15.8% from 2022 to 2027. As SOAR helps security team to fight against alert fatigue, growing incidents of phishing emails and ransomware is driving the market growth.

_Browse in-depth TOC on_ **"Security Orchestration, Automation and Response Market"****398 – Tables  
39 – Figures  
282 – Pages**

**Download PDF Brochure:** https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=176584778

**By offerings, services segment to grow at higher CAGR during forecast period**

Services involve support offered by security vendors to assist their customers to use and maintain security products efficiently. With the increasing sophistication in cyberattacks, organizations are adopting security services to address risks related to cyber threats as well as prevent them. The security services market is segmented across two major types: professional services and managed services. These services enhance the security portfolio of enterprises and safeguard their systems from unauthorized access, exploitation, and data loss. With the increasing digitalization and changing regulatory norms, customers need continuous guidance from SOAR implementation experts. This expertise gathered from managed services helps consumers design customized solutions for their business processes. MSPs also ensure customers are aware of the Return on Investment (RoI) on their security platform.

**By deployment mode, cloud segment to grow at higher CAGR during forecast period**

With the rapid digital transformation, organizations are changing their operating models and embracing cloud-based solutions. Cloud-based deployment offers several benefits to organizations, such as scalability and agility, reduce physical infrastructure, less maintenance cost, and 24/7 data accessibility from anytime, anywhere. Thus, organizations are adopting cost-effective SOAR solutions to prevent and protect volumes of data from cyberattacks. Cloud platforms automate all the process in an organization that falls short of staff to monitor security operations. These platforms also offer additional support and consulting services.

**Speak to Analyst:** https://www.marketsandmarkets.com/speaktoanalystNew.asp?id=176584778

**By Region, Asia Pacific to grow at a higher CAGR during the forecast period.**

Asia Pacific comprises some of the world's largest economies, such as China, India, Japan, and Australia. The cyber threat landscape in these countries is changing every day, with threats experienced by organizations increasing at an alarming rate. In 2021, the most targeted region for cyberattacks was Asia Pacific, it accounted for one in four cybersecurity attacks launched worldwide. The most incidents in the region were experienced by Japan, Australia, and India, where server access and ransomware were amongst the most popular forms of attacks. The type of threats faced by Asia Pacific countries is also changing and growing more complex each day. Asia Pacific is also proactively leading the charge in the development and adoption of many new technologies, including smart cities. As more and more technologies or complex projects are being taken up, the region also becomes increasingly vulnerable to more sophisticated threats. To address these increasing vulnerabilities, many companies are expanding into Asia Pacific. For example, Swimlane, a major vendor of SOAR has extended its cloud-based security automation into Asia Pacific Japan (APJ) amid momentous growth in region.

**Key Players**

Major vendors in the global **Security Orchestration, Automation and Response (SOAR) Market** include IBM (US), Cisco (US), Rapid7 (US), Palo Alto Networks (US), Splunk (US), Swimlane (US), Tufin (US), Fortinet (US), ThreatConnect (US), Trellix (US), Sumo Logic (US), Siemplify (US), LogRhythm (US), Resolve (US), Exabeam (US), manageEngine (US), KnowBe4 (US), D3 Security (Canada), Qvine (US), Cyware (US), LogicHub (US), Cyberbit (US), Logsign (Netherland), SIRP (UK), Tines (Ireland).

**Browse Adjacent Markets:** Information Security Market Research Reports & Consulting

**Related Reports**

Cybersecurity Market by Component (Software, Hardware, and Services), Software (IAM, Encryption, APT, Firewall), Security Type, Deployment Mode, Organization Size, Vertical, and Region (2022 - 2026)

Security Information and Event Management Market by Component, Application, Deployment Mode, Organization Size, Vertical (Information, Finance and Insurance, Healthcare and Social Assistance, Utilities), and Region - Global Forecast to 2025

**About MarketsandMarkets™**

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7500 customers worldwide including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their painpoints around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model – GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledge Store" connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

SOAR Market Worth $2.3 Billion by 2027, According to Exclusive Report by MarketsandMarkets

This year's RSA Conference saw a strange mix of selling the future and the past — for good reason.

The show floor during the RSA Conference was a dizzying mix of vendors selling solutions ideal for a precloud world and vendors carving out new concepts. There was a bewildering list of acronyms that we knew and several we didn't. CSPMs, CWPPs, and CIEMs were joined by SSMP, CNAPP, and CDR. (Read this companion piece to learn what they mean.)

The main takeaway seemed to be "Secure the future, but don't neglect the legacy of the past" — which is surprisingly reasonable for the volatile and ephemeral world of cybersecurity. Mix that in with the global skills shortage and confusion in the world of talent and, as the title of this article says, welcome-back-to-the-future shock!

Why do we see this strange mix of selling the future and the past? Well, not every company has the same pressures and drivers, so consequently they can be at a different stage of technology transformation. Cloud natives and the growing ranks of "cloud immigrants" (those not born using the cloud but who fully embrace it) live in the 2020s. At the same time, some organizations are moving to enter the 1990s or perhaps 2000s, at least as far as IT security spending goes. People are buying their first SIEM or upgrading to a next-gen firewall, as well as trying to secure cloud-native and cloud-migrated applications and workloads. Different industry sectors have different dynamics, and this is reflected in their architectures and operations.

Back in 1970, the Boston Consulting Group created the paradigm of the four stages of product growth: question marks, stars, cash cows, and pets. The VPN market is a perfect example of the cash cow — larger than all of the cloud security markets combined but with a clearly visible end-of-life looming on the horizon. In contrast, many cloud security solution categories, such as CSPM, CIEM, and CWPP, are now firmly established as rising stars, with healthy innovation and growth being evident.

**Ubiquitous Buzzwords and Hidden Gems**

RSA Conference has always been about buzzword bingo. Extended detection and response (XDR) was everywhere, but the vendor offerings underneath the banner varied widely. XDR is a relatively new term, and the various analyst firms — and even individual analysts within the big firms — are arguing about what it means. This is even more true of zero trust (a phrase that also describes how many CISOs feel about vendor pitches and marketing). More mature detection and response technologies, such as endpoint detection and response (EDR) and network detection and response (NDR) are joined by cloud detection and response (CDR, which I have seen interpreted also as content disarm and reconstruction) and data detection and response (DDR). Managed detection and response (MDR) is an attempt by managed service providers to shed the reputation of simply being there to tell the customer they've been hacked, and to shift a little bit left of the crisis.  

Zero trust is a term that's become overused and is losing traction — however, it's still an integral part of the security landscape. Of course, it's debatable whether zero trust truly models the way that we interact as humans in our customer and supplier relationships, but it is a useful model for cybersecurity architects and engineers trying to reduce the hazard of unintentional connectivity between systems.

And when we talk about hype in cybersecurity, there is one specter that always lurks in the corner. Machine learning spent a good few years being breathlessly abused by excited salespeople, to the point when it seemed like we should expect it to magically inoculate our applications, straighten out our insider risk problems, manage our supply chain, and serve coffee afterward. The reaction this provoked was frustrated CISOs refusing point-blank to talk to any wide-eyed evangelist of the magic box. Thankfully, machine learning and artificial intelligence now provide solid solutions ready to be put into operation. Marketing efforts are focusing on realizable, evidence-backed assertions based on customer benefits, and this is converting into solid growth.

**What Did I Miss?**

Despite the fact that fraud is on the rise, there weren't that many fraud detection solutions. Perhaps their absence is an indication that CISOs are turning away from the dream of the fusion solution and deciding that despite evidence of attackers using cyberattacks in fraud schemes, it's too complex to overcome the corporate politics. 

Dedicated ransomware solutions were also remarkably absent. While CISOs may recognize the benefits of solutions specifically targeted at this huge problem, they need to be able to explain to the CFO why the malware solutions that have already been paid for aren't doing the job. I think that we are not seeing the full ransomware kill chain, as several threat research organizations are identifying links between ransomware, fraud attacks, and other cyberattacks.

Data security solutions seem to be becoming a component of other solutions, such as CWPP (for cloud), or other specific verticals, such as payment solutions, healthcare, and others that have compliance-driven privacy responsibilities. This is another example of how compliance drives security investment (and therefore, engineering and product development). It may be that, as more applications become fully cloud-centric, we will be expecting this capability to be provided natively within the cloud app itself.

It is surprising that Internet of Things/operational technology (IoT/OT) solutions remain thin on the ground. One colleague of mine suggested that the "s" in "things" stands for security, and it's not hard to see the truth behind that witticism. Security has always been driven by compliance and risk, and IoT/OT is still at the stage where design engineers and managers are seeking operational availability and connectivity. 

There appears to be little driving force in investing in secure cybersecurity solutions, despite the evident threat from unfriendly foreign powers, criminal gangs, and destructive activists. As many industrial control engineers say, it's all fun and games until some noxious glowing goo eats through the floor!

What's clear from the RSA Conference is that the industry is ready to use the lessons of the past to point us toward the future.

Welcome-Back-to-the-Future Shock

**BOULDER, Colo. – July 6, 2022 –** Swimlane, the low-code security automation company, today announced a $70 million growth funding round led by Activate Capital. Existing investors Energy Impact Partners (EIP) and 3Lines Venture Capital also participated in the round. The new investment will accelerate the company’s ongoing growth and operations on a global scale while continuing to advance its platform innovations in security automation ahead of the competition.

Automation has become a must-have technology for security operations, evident from recent Presidential Executive Orders, an unsolvable talent shortage and an ever-increasing amount of threat telemetry. Swimlane recently launched Turbine as the solution — a breakthrough in low-code automation that captures hard-to-reach telemetry and expands actionability beyond closed extended detection and response (XDR) ecosystems.

As part of the funding, the company also announced that Raj Atluru, Managing Partner at Activate Capital, will join the Swimlane Board of Directors.

“We invested in Swimlane because we believe in the company’s ability to unlock the most valuable product developments customers demand for security automation inside and outside the SOC,” said Atluru. “Swimlane has transcended traditional SOAR and risen to meet the growing need for low-code security automation to help organizations quantify business value, overcome process and data fatigue, and combat chronic staffing shortages.”

Sameer Reddy, Managing Partner at Energy Impact Partners said, “Security operations today is at a critical inflection point. Organizations don’t have enough people, money, or resources to address all of their security workflows across the entire organization, while also responding to threats the moment they happen. Automation will have to play a critical role in addressing these challenges and Swimlane is incredibly well-positioned as the leading independent security automation platform.”

According to Niloofar Razi Howe, Swimlane Board Member and long-time cybersecurity veteran, “The accelerating pace of threat telemetry coupled with a rapidly expanding attack surface is outstripping the ability for humans to act. Swimlane is filling in one of the biggest gaps in cybersecurity today by putting humans back in control with a low-code approach to security automation.”

“We are very proud of the global traction and results we have achieved,” said James Brear, CEO of Swimlane. “Besides our hyper revenue growth, we have achieved over 120% of net retention and product expansion. Our cloud product has seen a 5X increase in adoption over 2021 and our growth over the last four years is over 700%. This is a testament to our customer-first mindset and meeting all the use case requirements our customers demand.”

The new investment will also accelerate the growth of Swimlane’s global partner network and create new market opportunities through partners in all major geographies. This will include technical partner support and enablement to help partners unlock the power of automation beyond just threat response.

“Organizations across industries are facing a more sophisticated and targeted threat landscape than ever before,” said John Vanderzon, CTO of Sun Management, which also joined the growth round of investment. “We invested in Swimlane for its intelligent approach to solving a long-term problem. We see Swimlane as a paradigm shift similar to what we saw with Palo Alto Networks when we ran four of their betas in 2007. We look for technology that solves problems intelligently, and Swimlane's low-code security automation goes above and beyond to give companies the power to stop threats at the point of inception in a rapidly expanding attack surface — without the need to hire more people.”

**About Swimlane**

Swimlane is the leader in cloud-scale, low-code security automation. Swimlane unifies security operations in-and-beyond the SOC into a single system of record that helps overcome process and data fatigue, chronic staffing shortages, and quantifying business value. The Swimlane Turbine platform combines human and machine data into actionable intelligence for security leaders. For more information, visit swimlane.com or join the conversation on LinkedIn, Twitter and YouTube.

Swimlane Secures $70M Growth Round to Fuel Global Expansion of Next Generation Low-Code Security Automation Platform

DUBLIN, July 8, 2022 /PRNewswire/ -- The "Global Enterprise Endpoint Security Market - Forecasts from 2022 to 2027" report has been added to **ResearchAndMarkets.com's** offering.

Endpoint security is the technique of preventing harmful actors and campaigns from exploiting endpoints or entry points of end-user devices such as PCs, laptops, and mobile devices. Endpoint security solutions on a system or cloud protect against cybersecurity threats. Endpoint security has progressed beyond antivirus software to supply comprehensive security against sophisticated malware and new zero-day dangers.

Nation-states, hacktivists, organized crime, and purposeful and unintentional insider threats all pose a hazard to businesses of all sizes. Endpoint security is frequently referred to as cybersecurity's frontline, and it is one of the first places where businesses attempt to defend their networks. Due to several benefits, such as cost savings with cloud storage, compute scalability, and low maintenance requirements, enterprise use of SaaS-based or cloud-delivered endpoint security solutions continues to grow.

**The growing number of enterprise endpoints and mobile devices with access to sensitive data has created a tremendous need for endpoint security solutions, which is expected to drive the market.**

In today's environment, mobile gadgets such as smartphones and tablets have become necessary for both individuals and businesses. The number of employees using their phones for work is fast expanding, and mobile devices and applications have presented a slew of new attack vectors and data security challenges.

These cyber dangers range from Trojans and viruses to botnets and toolkits, and they can have a significant impact on the broader network, putting sensitive and private data at risk. For example, according to the Mobile Security Report 2021 by Check Point, 97 percent of businesses globally were hit by mobile attacks that used several attack vectors. At least one employee in 46 percent of those businesses downloaded a malicious app to their phone.

According to the same report, nearly every firm had at least one smartphone malware assault in 2020. The mobile network was responsible for 93 percent of the attacks. As previously stated, around 40% of all mobile devices are at risk of being targeted by cyber-attacks. As a result, businesses are increasingly implementing endpoint security solutions to secure their networks and give secure access to confidential data to their employees.

As a result, factors such as increased mobile and wireless device usage, advancements in connectivity infrastructure around the world, and dropping mobile device prices are all expected to have a significant impact on the endpoint security industry. For instance, according to Ericsson, there are already over six billion smartphone subscribers worldwide, with several hundred million more expected in the next years.

By 2026, the number of smartphone users is predicted to increase to 7516 million. Employees at firms are increasingly using their personal mobile devices to access corporate data owing to the growing BYOD trend. However, it poses security concerns, necessitating powerful endpoint security solutions to protect sensitive company data, resulting in significant demand.

However, the lack of awareness about endpoint security among the general public, as well as the fact that many enterprises are struggling to deal with security threats and data breaches as a result of a lack of understanding about endpoint security, is expected to limit the market expansion.

**By region, the Asia Pacific and North America are expected to hold a notable share in the global enterprise endpoint security market during the forecast period.**

North America and Asia-Pacific are predicted to have a significant share of the global enterprise endpoint security market. Applying technology to restrict threats on organizational endpoints and the rising penetration of mobile devices that are initially prone to endpoint attacks are two reasons supporting the market expansion in these regions.

For instance, in July 2021, SentinelOne and ConnectWise established a partnership to strengthen their security relationship. MSPs will be able to obtain SentinelOne Control and SentinelOne Complete as standalone products from ConnectWise rather than having to purchase them as part of the SOC-targeted Fortify Endpoint offering.

Similarly, in September 2020, Palo Alto Networks and OPSWAT expanded their partnership to add support for new endpoint platforms and IoT devices in GlobalProtect and Prisma Access for branch offices, retail locations, and mobile users. The integration detects and evaluates the state of the endpoint as well as any third-party security programs installed on it. The Host Information Profile (HIP) gathers data about the network's endpoints' security state, used to implement gateway policies.

**COVID-19 Insights**

The COVID-19 outbreak compelled enterprises all around the world to mobilize swiftly in order to secure large numbers of remote workers and expand their tooling beyond traditional security measures. With the growing number of cybercrimes in 2020, the market for global enterprise endpoint security has been positively impacted by the pandemic.

For instance, the US Department of Health and Human Services (HHS) systems were subjected to a large DDoS attack in March 2020. In the same month, a cyberattack hit databases at the University Hospital in Brno, one of the Czech Republic's main centers for COVID-19 blood testing. As a result, doctors could not complete coronavirus testing and had to postpone several surgical procedures.

**Key Topics Covered:**

**1\. INTRODUCTION**

**2\. RESEARCH METHODOLOGY**

**3\. EXECUTIVE SUMMARY**

**4\. MARKET DYNAMICS**  
4.1. Market Drivers  
4.2. Market Restraints  
4.3. Porter's Five Forces Analysis  
4.3.1. Bargaining Power of Suppliers  
4.3.2. Bargaining Powers of Buyers  
4.3.3. Threat of Substitutes  
4.3.4. Threat of New Entrants  
4.3.5. Competitive Rivalry in Industry  
4.4. Industry Value Chain Analysis

**5\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY SOLUTION**  
5.1. Anti-Virus  
5.2. Firewall  
5.3. Endpoint Device Control  
5.4. Anti-Spyware/Anti-Malware  
5.5. Others

**6\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY COMPONENT**  
6.1. Application Control  
6.2. Endpoint Encryption

**7\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY DEPLOYMENT**  
7.1. Cloud  
7.2. On-Premise

**8\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY ORGANIZATION SIZE**  
8.1. Small  
8.2. Medium  
8.3. Large

**9\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY INDUSTRY VERTICAL**  
9.1. BFSI  
9.2. Government  
9.3. Aerospace and Defense  
9.4. Healthcare  
9.5. Communication and Technology  
9.6. Others

**10\. GLOBAL ENTERPRISE ENDPOINT SECURITY MARKET, BY GEOGRAPHY**  
10.1. Introduction  
10.2. North America  
10.2.1. United States  
10.2.2. Canada  
10.2.3. Mexico  
10.3. South America  
10.3.1. Brazil  
10.3.2. Argentina  
10.3.3. Others  
10.4. Europe  
10.4.1. Germany  
10.4.2. France  
10.4.3. United Kingdom  
10.4.4. Spain  
10.4.5. Others  
10.5. Middle East and Africa  
10.5.1. Saudi Arabia  
10.5.2. Israel  
10.5.3. Others  
10.6. Asia Pacific  
10.6.1. China  
10.6.2. Japan  
10.6.3. South Korea  
10.6.4. India  
10.6.5. Thailand  
10.6.6. South Korea  
10.6.7. Taiwan  
10.6.8. Indonesia  
10.6.9. Others

**11\. COMPETITIVE ENVIRONMENT AND ANALYSIS**  
11.1. Major Players and Strategy Analysis  
11.2. Emerging Players and Market Lucrativeness  
11.3. Mergers, Acquisition, Agreements, and Collaborations  
11.4. Vendor Competitiveness Matrix

**12\. COMPANY PROFILES**  
12.1. Intel Corporation  
12.2. Broadcom Inc. (Symantec Corporation)  
12.3. Trend Micro Incorporated  
12.4. RSA Security LLC  
12.5. Kaspersky Lab  
12.6. Bitdefender  
12.7. WatchGuard Technologies  
12.8. ESET  
12.9. Sophos Ltd  
12.10. McAfee LLC

For more information about this report visit https://www.researchandmarkets.com/r/fyl26c

Worldwide Enterprise Endpoint Security Industry to 2027: Focus on Antivirus, Firewall, Endpoint Device Control, and Anti-Spyware/Anti-Malware

Quantum-proof encryption is here—decades before it can be put to the test.

In 1994, a Bell Labs mathematician named Peter Shor cooked up an algorithm with frightening potential. By vastly reducing the computing resources required to factor large numbers—to break them down into their multiples, like reducing 15 to 5 and 3—Shor’s algorithm threatened to upend many of our most popular methods of encryption.

Fortunately for the thousands of email providers, websites, and other secure services using factor-based encryption methods such as RSA or elliptic curve cryptography, the computer needed to run Shor’s algorithm didn’t exist yet. 

Shor wrote it to run on quantum computers which, back in the mid-1990s, were largely theoretical devices that scientists hoped might one day outperform classical computers on a subset of complex problems.

In the decades since, huge strides have been made toward building practical quantum computers, and government and private researchers have been racing to develop new quantum-proof algorithms that will be resistant to the power of these new machines. For the last six years, the National Institute of Standards and Technology (NIST)—a division of the US Department of Commerce—has been running a competition to find the algorithms that it hopes will secure our data against quantum computers. This week, it published the results.

NIST has whittled hundreds of entries from all over the world to an initial list of just four: CRYSTALS-Kyber for general encryption, and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for use in digital signatures during identity verification or when signing digital documents. “People have to understand the threat that quantum computers can pose to cryptography,” says Dustin Moody, who leads the post-quantum cryptography project at NIST. “We need to have new algorithms to replace the ones that are vulnerable, and the first step is to standardize them.”

Just as RSA encryption relies on the difficulty of factoring extremely large numbers, three of the four algorithms unveiled this week use a complicated mathematical problem that’s expected to be difficult for even quantum computers to wrestle with. Structured lattices are abstract multi-dimensional grids that are extremely challenging to navigate unless you know the shortcuts. In structured lattice cryptography, as with RSA, the sender of a message will encrypt the contents using the recipient’s public key, but only the receiver will have the keys to decrypt it. With RSA the keys are factors—two large prime numbers that are easy to multiply together but difficult to ascertain if you have to work backwards. In these post-quantum cryptography algorithms the keys are vectors, directions through the maze of a structured lattice.

Although it will be a few years before these standards are published in their final form, it’s a pretty big moment. “For the first time, we have something to use against a quantum threat,” says Ali El Kaafarani, the CEO of PQShield, which worked on the FALCON algorithm.

Those quantum threats might still be decades away, but security experts warn of “harvest now, decrypt later” attacks—bad actors hovering up caches of encrypted data with the expectation that they’ll eventually have a quantum computer that can access them. The longer it takes to implement quantum-proof cryptography, the more data will be vulnerable. (Although, Lancaster University quantum researcher Rob Young points out that a lot of sensitive data that could be harvested now is also time sensitive: Your credit card number today will be irrelevant in 15 years.)

“The first thing organizations need to do is understand where they are using crypto, how, and why,” says El Kaafarani. “Start assessing which parts of your system need to switch, and build a transition to post-quantum cryptography from the most vulnerable pieces.”

There is still a great degree of uncertainty around quantum computers. No one knows what they’ll be capable of or if it’ll even be possible to build them at scale. Quantum computers being built by the likes of Google and IBM are starting to outperform classical devices at specially designed tasks, but scaling them up is a difficult technological challenge and it will be many years before a quantum computer exists that can run Shor’s algorithm in any meaningful way. “The biggest problem is that we have to make an educated guess about the future capabilities of both classical and quantum computers,” says Young. “There's no guarantee of security here.”

The complexity of these new algorithms makes it difficult to assess how well they’ll actually work in practice. “Assessing security is usually a cat-and-mouse game,” says Artur Ekert, a quantum physics professor at the University of Oxford and one of the pioneers of quantum computing. “Lattice based cryptography is very elegant from a mathematical perspective, but assessing its security is really hard.”

The researchers who developed these NIST-backed algorithms say they can effectively simulate how long it will take a quantum computer to solve a problem. “You don't need a quantum computer to write a quantum program and know what its running time will be,” argues Vadim Lyubashevsky, an IBM researcher who contributed to the the CRYSTALS-Dilithium algorithm. But no one knows what new quantum algorithms might be cooked up by researchers in the future.

Indeed, one of the shortlisted NIST finalists—a structured lattice algorithm called Rainbow—was knocked out of the running when IBM researcher Ward Beullens published a paper entitled “Breaking Rainbow Takes a Weekend on a Laptop.” NIST’s announcements will focus the attention of code breakers on structured lattices, which could undermine the whole project, Young argues. 

There is also, Ekert says, a careful balance between security and efficiency: In basic terms, if you make your encryption key longer, it will be more difficult to break, but it will also require more computing power. If post-quantum cryptography is rolled out as widely as RSA, that could mean a significant environmental impact.

Young accuses NIST of slightly “naive” thinking, while Ekert believes “a more detailed security analysis is needed”. There are only a handful of people in the world with the combined quantum and cryptography expertise required to conduct that analysis.

Over the next two years, NIST will publish draft standards, invite comments, and finalize the new forms of quantum-proof encryption, which it hopes will be adopted across the world. After that, based on previous implementations, Moody thinks it could be 10 to 15 years before companies implement them widely, but their data may be vulnerable now. “We have to start now,” says El Kaafarani. “That’s the only option we have if we want to protect our medical records, our intellectual property, or our personal information.”

Tag

#intel