Threat Detection - AI-Tech Park
https://ai-techpark.com
AI, ML, IoT, Cybersecurity News & Trend Analysis, Interviews
Thu, 22 Aug 2024 05:03:42 +0000

Skyhigh Security Announces New Cloud-to-Cloud Integration with Trellix
https://ai-techpark.com/skyhigh-security-announces-new-cloud-to-cloud-integration-with-trellix/
Wed, 21 Aug 2024 11:45:00 +0000

Skyhigh SWG for Cloud and Trellix IVX Cloud enhance customers’ threat detection through layered defense

Skyhigh Security today announced a powerful integration between Skyhigh Secure Web Gateway (SWG) for Cloud and Trellix Intelligent Virtual Execution (IVX) Cloud to strengthen enterprises’ security posture. Through this cloud integration, organizations will gain an additional layer of malware scanning, zero-day threat detection, and comprehensive data forensics for the cloud, helping them guard their sensitive data and protect employees.

“The integration of Skyhigh SWG with Trellix IVX is an exciting innovation, as it creates a powerful defense mechanism for our clients,” said Boubker Elmouttahid, Global Technical Director at Skyhigh Security. “This collaboration enhances our ability to detect, analyze, and neutralize sophisticated threats in real time, ensuring that our customers can confidently navigate the digital landscape with unparalleled security.”

Primary Use Cases and Benefits

  • Block unknown and zero-day malware: Skyhigh SWG scans a web object for viruses or other malware and if any suspicious web object is found, it is sent to Trellix IVX for additional scanning. Trellix’s sandbox technology meticulously analyzes the file within a controlled environment, observing its behavior and assessing whether there’s a potential threat.
  • Access data forensics: The additional layer of Trellix IVX offers a threat detection sandbox that pinpoints known and unknown malware. This sandboxing offers a detailed forensic report explaining the attack vector and its potential impact. The incident is mapped to the MITRE ATT&CK® framework, providing insights into modes of operation. This robust information, when shared with security operations teams, can enable faster decision-making during critical incidents.
  • View Indicators of Compromise: Trellix offers a detailed report on Indicators of Compromise (IOCs) – traces left by attackers or malicious software – to aid in identifying security incidents. IOCs empower enterprises to find other unknown malware in their environment and enable more effective threat hunting. Based on the results, the security operations team can decide to block or allow the object on Skyhigh SWG.

“This cloud-to-cloud integration between Skyhigh SWG and Trellix IVX empowers enterprises to incorporate an additional layer of malware scanning, as a complement to what is already provided by our GAM (Gateway Anti-Malware) engine,” said America Garcia, Product Marketing Manager at Skyhigh Security. “With this integration, we reaffirm our commitment to deliver enhanced security through a layered defense.”

Skyhigh Security and Trellix: A Powerful Integration

This update builds on each company’s expertise to deliver the best value for customers. Skyhigh Security’s platform currently offers a robust GAM engine and Remote Browser Isolation (RBI), incorporated natively at no extra cost, preventing zero-day threats from ever reaching endpoints. Trellix IVX’s signatureless, dynamic analysis engine inspects suspicious network traffic to identify attacks evading traditional signature and policy-based defenses. Combined, these technologies enhance customers’ overall threat detection capabilities.

Register for the Skyhigh Security and Trellix webinar on August 21 at 11am PDT to discover how this integration helps stop evolving threats in their tracks.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

The post Skyhigh Security Announces New Cloud-to-Cloud Integration with Trellix first appeared on AI-Tech Park.

DoControl Now Available on Google Cloud Marketplace
https://ai-techpark.com/docontrol-now-available-on-google-cloud-marketplace/
Wed, 14 Aug 2024 17:45:00 +0000

DoControl, the leading SaaS Security Posture Management (SSPM) vendor, announced today its availability on Google Cloud Marketplace, a program designed for Google Cloud partners offering software solutions that operate on or integrate with Google Cloud. The program aims to help partners generate new business opportunities and expedite sales cycles by facilitating connections between participating Independent Software Vendors (ISVs) and the Google Cloud sales organization, as well as their customers.

DoControl’s solution offers visibility, threat detection, and remediation for sensitive data exposure and insider threats. DoControl secures SaaS data, identities, connected third-party apps, and configurations to ensure comprehensive protection across major SaaS ecosystems. Supported use cases include Data Access Governance and Data Loss Prevention, Identity Threat Detection & Response, Misconfiguration Management and Shadow App Discovery & Remediation.

One of DoControl’s top integrations is with Google Workspace. Key benefits include enhanced visibility into a customer’s Google Workspace data, empowering users to identify and eliminate potential exposure risks at scale; mitigation of insider threats caused by risky user activity and over-permissioned, unsanctioned shadow apps; prevention of future exposure and sensitive data loss with automated policy enforcement; and empowerment of company employees to independently remediate risky actions, increasing awareness for secure SaaS collaboration. DoControl allows organizations to maximize the collaborative benefits of Google Workspace, while ensuring additional security protocols are in place to protect sensitive data. Additionally, DoControl integrates with Google Workspace’s recently launched AI-based data classification functionality, allowing customers to create custom policies on how their data should be accessed and shared.

“DoControl’s partnership with Google Cloud empowers organizations to fully leverage Google Workspace while prioritizing security,” says Omri Weinberg, CRO and Co-Founder at DoControl. “Modern companies must collaborate with both internal and external partners to drive business forward, but they need controls in place on how sensitive data is shared and accessed. With DoControl, organizations can secure their data without compromising productivity,” he adds. “In addition to enhanced security controls, this partnership allows organizations to purchase DoControl through Google Cloud Marketplace, simplifying the procurement process for purchasing a tool that is needed for your cloud security program.”

“Bringing DoControl to Google Cloud Marketplace will help customers quickly deploy, manage, and grow the Security Posture Management solution on Google Cloud’s trusted, global infrastructure,” said Dai Vu, Managing Director, Marketplace & ISV GTM Programs at Google Cloud. “DoControl can now securely scale and support customers on their digital transformation journeys.”

With its availability on Google Cloud Marketplace, DoControl is well-positioned to scale its business to the next level and continue to empower organizations to securely manage and protect their SaaS data. To learn more about DoControl’s partnership with Google Cloud, including the requirements and benefits of Google Cloud Marketplace Program, please visit our website or contact us directly.

Actuate Selects LatticeFlow AI to Enhance AI Threat Detection Solution
https://ai-techpark.com/actuate-selects-latticeflow-ai-to-enhance-ai-threat-detection-solution/
Tue, 13 Aug 2024 14:30:00 +0000

Actuate, a leader in AI-powered threat detection software, announced today that it has partnered with LatticeFlow AI to accelerate security response times to threats in public areas, enhancing the performance of its AI detection and surveillance solutions.

With the integration of LatticeFlow AI Vision, Actuate’s real-time video analytics solution can more precisely identify actual threats, including guns and unwanted intruders, leading to a more trustworthy detection system. Active shooter incidents in the US have increased by 97% since 2017, making the use of intelligent threat detection solutions even more critical in reducing response time to time-sensitive events.

Actuate’s AI-powered solution alerts security decision-makers immediately after a threat has been detected, with over 99% detection accuracy. Within five seconds, security teams get an alert with the alert footage, threat type, and additional relevant site information. The number of false alarms is also reduced by 95%, reducing the burden on security teams and allowing for a more focused response to real threats.

“This partnership underscores our dedication to leveraging the latest advancements in AI to deliver unparalleled threat detection capabilities to our customer,” said Zack Schmidt, Data Science Manager at Actuate. “LatticeFlow AI enables Actuate’s AI to improve performance for diverse scenes, while quickly adding new scenes, threat types, and customer requirements. LatticeFlow AI enables us to continuously improve our AI models to ensure they are highly performant on our customers’ data.”

“We are honored to partner with Actuate to harness the transformative power of AI to enhance public safety,” said Tom Ulrich, SVP & GM of North America at LatticeFlow AI. “This partnership demonstrates the positive impact that AI can have on society, resulting in safer and more secure public spaces.”

eSentire Expands Partnership with TD SYNNEX
https://ai-techpark.com/esentire-expands-partnership-with-td-synnex/
Tue, 13 Aug 2024 09:24:01 +0000

eSentire, a leading global Managed Detection and Response (MDR) provider, today announced it has expanded its partnership with TD SYNNEX, a leading global distributor and solutions aggregator for the IT ecosystem. eSentire’s all-in-one, 24/7 multi-signal MDR and Security Operations Center (SOC) Services are now available to North American partners through TD SYNNEX.

eSentire’s MDR service combines its open, AI-powered Extended Detection and Response (XDR) cloud platform, 24/7 threat hunting and proven security operations leadership, enabling organizations of all sizes to anticipate, withstand and recover from cyberattacks across their entire attack surface, whether on-premises or in the cloud.

For TD SYNNEX customers, eSentire’s value-rich service bundles deliver unmatched value, including a remarkable 99% reduction in threat detection and containment times, compared to global averages; robust cybersecurity compliance; as well as extensive threat response capabilities, averaging 35 seconds to respond and 15 minutes Mean Time to Contain (MTTC). eSentire protects organizations of all sizes, acting as an extension of customer teams to offset their cybersecurity skills gap, meet compliance objectives, and reduce risk at a fraction of the cost of setting up their own SOC.

Benefits of adopting eSentire’s MDR and SOC Services include:

  • Rapid time to value, with service onboarding in only 14 days on average
  • Unlimited incident handling and 24/7 threat hunting as foundational service offerings vs add-ons
  • Complete attack surface coverage, driving deep, multi-signal investigation across network, endpoint, log, cloud, and identity sources with over 300 technology integration options
  • Expertise of eSentire’s Threat Response Unit (TRU), a dedicated team of cybersecurity researchers and hands-on experts, who perform threat hunts, build new detection rules and operationalize threat intelligence to constantly harden customer defenses
  • Leadership in Generative AI, with its MDR for GenAI Visibility solution and its Insight Portal eSentire Investigator application, empowering every eSentire customer with investigation, response, and remediation tools through simple natural language interaction
  • Flexibility for end-users to bring their own technology subscription or partner with eSentire for a fully managed license and service, as organizations consolidate their service protection
  • 24/7 support, delivering an MTTC for active security threats of only 15 minutes, to reduce risk of downtime

As part of eSentire’s expanded relationship with TD SYNNEX, they have introduced new service offerings that include CrowdStrike endpoint and identity protection, coupled with eSentire’s 24/7 SOC and Managed Detection and Response support. Additional eSentire packages with its proprietary Atlas MDR Agent are also available.

“TD SYNNEX is committed to uniting IT solutions that deliver business outcomes today and unlock growth for the future,” said Scott Young, Senior Vice President of Product Management at TD SYNNEX. “With eSentire added to our vast portfolio of vendor partners, we’re able to enrich the breadth and depth of our offerings so customers can do great things with technology.”

“More than 90% of security spend goes through the partner ecosystem,” said Bob Layton, eSentire’s Chief Channel Officer. “That ecosystem of trusted partners, MSPs and advisors need simple, high-value offerings to serve their clients – eSentire and TD SYNNEX are providing frictionless solutions that snap-in to channel partner solutions and deliver unmatched cyber protection.”

Join eSentire at the TD SYNNEX SMB Connect Symposium in Las Vegas, August 13-15, 2024. Review eSentire’s service offering with TD SYNNEX here.

Veza announced the launch of Access AI™
https://ai-techpark.com/veza-announced-the-launch-of-access-ai/
Wed, 07 Aug 2024 16:45:00 +0000

J.P. Morgan Invests in Veza

Veza, the identity security company, today announced the launch of Access AI™, a generative AI-powered solution to maintain the principle of least privilege at enterprise scale. With Access AI, security and identity teams can now use an AI-powered chat-like interface to understand who can take what action on data, prioritize risky or unnecessary access, and remove risky access quickly for both human and machine identities. By bringing the power of generative AI to identity security in the enterprise, Veza makes it possible to prevent, detect, and respond to identity-related issues before they turn into disruptive incidents like breaches or ransomware.

Identity security has become a top priority for companies that have embraced cloud services, SaaS applications, and AI. According to a report from the Identity Defined Security Alliance (IDSA), 90% of organizations experienced an identity-related incident in the past year, and 84% suffered a direct business impact as a result. To combat this growing problem, companies are investing in new business processes like Access Entitlements Management, Identity Security Posture Management (ISPM), and Identity Threat Detection and Response (ITDR).

Similarly, according to Gartner®, “The broad adoption of cloud services, digital supply chains and remote access by employees working from anywhere has eroded the value of legacy security controls at the perimeter of the corporate network, positioning identity as the primary control plane for cybersecurity.” [1]

Access AI

With this announcement, Access AI is available across the Veza Access Platform. It uses machine learning and generative AI to surface and contextualize recommendations for fixing identity-based threats. Teams across identity, security engineering, application security, and compliance use Access AI to investigate who has access, how they got it, and whether it should be revoked. Like all Veza products, Access AI understands both human identities and non-human identities, such as service accounts.

Access AI can:

  • Answer natural-language questions about entitlements and association to identity
  • Understand the access of non-human identities and machine identities
  • Recommend roles that follow the principle of least privilege
  • Surface dormant or excessive permissions to revoke
  • Create ITSM tickets (such as ServiceNow) with instructions for remediation
  • Recommend actions during user access reviews and recertifications

“Two years ago we changed the game in identity access with our Access Graph, and now we are doing it again with Access AI,” said Tarun Thakur, co-founder and CEO, Veza. “Veza is the first company to apply AI to manage and secure entitlements across SaaS systems, cloud data systems, identity systems, and infrastructure services. Customers tell us this is the year of identity. They want access intelligence to hunt for threats automatically across tens of thousands of identities and entitlements within hundreds of systems, which is critical with the recent explosion of non-human identities. To solve this requires speed and intelligence that is only possible with AI.”

“To operate with least privilege, companies must be focused on their identity posture. With the modern enterprise moving away from standing access, success now depends on having the appropriate tools and automated solutions,” said Matthew Sullivan, Infrastructure Security Team Lead at Instacart. “Nearly every discovery made by Veza’s AI has prompted an immediate response from our team. With hundreds of thousands of entitlements to oversee, leveraging AI-driven automation has been essential to staying proactive.”

J.P. Morgan Investment

This launch comes on the heels of an investment from J.P. Morgan, a leading global financial services firm, which brings the company’s total funding to $132 million. This investment will be used to accelerate product innovation as Veza continues to redefine identity security and organizations across the globe begin their identity security transformation.

New Capabilities

As Veza continues to modernize the identity market with its industry-first Access Graph and Access Intelligence, it has also unveiled additions to the Veza Access Platform in conjunction with the release of Access AI.

Enhanced security for non-human identities (NHIs)

  • NHI Insights and NHI Access Security, an inventory of all NHIs like Azure AD service principals and AWS IAM service accounts.
  • Support for new NHI entities: access keys and secrets.
  • Ability to monitor key rotation to reduce the risk of stale credentials.
  • Ability to determine access of keys, tokens, certificates.
  • Custom rules and manual overrides for NHI identification to aid in searching, tracking, and alerting.
  • Support for managing NHI owners to manage timely key rotation, workload uptime, and service account governance.

Lifecycle management for next-gen IGA

  • Role recommendations for access requests based on the principle of least privilege, powered by machine learning.
  • 10 new targets for Veza Lifecycle Management. Support for provisioning and deprovisioning to Active Directory (AD), Entra ID, Okta, Azure, Salesforce, Microsoft Exchange, Exchange Online, SAP, Google Workspace, and Snowflake. Veza Lifecycle Management goes beyond SCIM protocols to advance the state of provisioning that covers hierarchical groups and roles with a set of automated CRUD-aware policies.
  • Support for the Veza Open Authorization API (OAA) which allows quick support for provisioning to new applications, including custom applications.

Activity monitoring for ITDR, Security Engineering, and Security Operations

  • New ability to monitor activity in Okta, collecting and summarizing log data to know who accessed what resources, including last-used date.
  • Calculate the Over-Privileged Access Scores (OPAS) for Okta to prioritize your most over-privileged roles and users.
  • Monitoring for access activity in Snowflake and AWS IAM.

Access intelligence for Cloud PAM, privilege threat hunting, privileged access assurance

  • Out-of-the-box role mining insights and analytics for Snowflake.
  • 20+ out-of-the-box dashboards by persona, risk type (privilege drift, insider threat, cloud entitlements, ISPM, NHI, access creep), and systems (SaaS, data systems, infrastructure).
  • Veza Query Language (VQL) as API endpoints to query, sort, filter, and perform complex compound queries for use cases such as segregation of duties and privilege threat hunting.
  • New Risk Profile based on privilege threat hunting framework that leverages the power of Veza Access Graph, identity risk scores, over-permission access scores, and Veza Query Language.

Learn more:

  • Access AI overview: https://veza.com/product/access-ai/
  • Access AI launch webinar: https://veza.com/company/events/access-ai-launch-webinar/
  • State of Access 2024 report: https://veza.com/resources/stateofaccess2024/
  • AI for Identity Security: Veza’s Strategy: https://veza.com/blog/ai-for-identity-security-my-journey-our-perspective-and-vezas-strategy/

Citations

  1. Gartner, Identity-First Security Maximizes Cybersecurity Effectiveness, Rebecca Archambault, Felix Gaehtgens, James Hoover, Ant Allan, 1 May 2024

GARTNER is a registered trademark and service mark of Gartner, Inc and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Rapid7 announced the launch of the Command Platform
https://ai-techpark.com/rapid7-announced-the-launch-of-the-command-platform/
Tue, 06 Aug 2024 08:30:00 +0000

Exposure Command and Surface Command anchor Rapid7’s new Command Platform

Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced the launch of its Command Platform, a unified threat exposure, detection, and response platform. Rapid7’s AI-charged Command Platform allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud to close security gaps and prevent attacks. Rapid7 also announced the first two solutions on the Command Platform: Exposure Command, which helps organizations detect and prioritize exposures from endpoint to cloud, and Surface Command, which is designed to discover and provide deep visibility into the assets that the security team is responsible for protecting across their internal and external attack surface and is included with Exposure Command.

The Rapid7 Command Platform integrates native cloud and on-prem assessment with data from an organization’s ecosystem of IT, security, and business tools to help them take command of their attack surface and confidently discover, identify, prioritize, and remediate risk. The fully integrated platform gives security operations teams trustworthy visibility that was previously unattainable due to cost.

“Rapid7 customers now can have confidence in comprehensive visibility to truly monitor, manage, and measure exposures and threats across the entirety of their ecosystem with full business and environmental context — whether that data comes from Rapid7 or other providers — at an affordable cost,” said Corey Thomas, chairman and chief executive officer, Rapid7. “When you have trust in what’s happening in your environment, you can quickly zero in on the highest risk vulnerabilities and exposures to focus on the most critical assets that need attention.”

Exposure Command and Surface Command are foundational to Rapid7’s new Command Platform. With Exposure Command, organizations can now discover, assess, prioritize and remediate exposures across their attack surface, take action confidently on threats with assistance from veteran security experts, and drive tangible return on their investment and outcomes that make it easy to demonstrate success.

An essential part of Exposure Command, Surface Command is designed to enable organizations to eliminate blind spots and uncover security control gaps, proactively harden their attack surface with more complete context about identities and assets, and accelerate incident response teams with better data and perspectives.

Both of these solutions are priced at a disruptive all-in value so that security teams can see immediate return on their investment.

“Exposure Command and Surface Command are truly transformational for security teams,” said Craig Adams, senior vice president and chief product officer, Rapid7. “Not only do they eliminate guessing about what is taking place in your environment or which risk to tackle first, they free up the excessive time and money teams spend on a host of tools, manually piecing together inconsistent and disjointed reports to understand only a portion of their attack surface and security posture.”

Exposure Command

Exposure Command is designed to detect and identify exposures from endpoint to cloud. Exposure Command enables security operations teams to enrich continuous attack surface monitoring with deep environmental context and automated risk scoring to identify and remediate ‘toxic combinations.’ It also allows them to understand asset posture and ownership and enforce compliance with internal policies, industry best-practices and regulatory frameworks across hybrid environments, and avoid cloud risk before it reaches production with actionable feedback.

With Exposure Command, organizations can:

  • Detect and Remediate Vulnerabilities Across a Hybrid Environment: continuously assess the entire environment for vulnerabilities and prioritize response based on the likelihood and potential impact of an exploit with purpose-built data collection approaches for cloud and on-prem environments.
  • Enforce Organizational Standards and Compliance Policies: track adherence to organizational policies and regulatory standards with more than 50 compliance packs and thousands of security policy checks. Security operations teams can also notify relevant stakeholders and leverage native automation to enforce compliance at scale.
  • Shift Cloud Security and Compliance Checks Left, Earlier in the Development Lifecycle: leverage Infrastructure as Code (IaC) scanning capabilities to implement the same security and compliance checks used in production earlier on in the continuous integration and continuous deployment (CI/CD) pipelines, identifying potential misconfigurations and non-compliant resources before they’re ever provisioned.
  • Monitor Effective Access and Permissions Across All Clouds: continuously track accounts and their effective access across the organization, flagging overly-permissive roles, the potential for privilege escalation and automatically enforcing least privilege access (LPA) policies at scale.
  • Identify Paths for Lateral Movement Across Cloud Environment: attack path analysis enables teams to visualize the relationships between interconnected cloud resources and uncover the potential for attackers to move laterally across the environment should they gain access to it.

Surface Command

Surface Command provides organizations with unified asset inventory – a more complete, vendor agnostic view of an organization’s internal and external attack surface. Surface Command breaks down data silos by combining comprehensive external attack surface monitoring (EASM) with cyber asset attack surface management (CAASM) across hybrid environments to build a dynamic, 360-degree view of an organization’s entire attack surface in one place.

Surface Command includes a library of more than 100 connectors feeding into Rapid7’s unified machine learning-driven correlation engine. Organizations can identify and mitigate exposures and potential threats with a risk-aware and adversary-driven view of their attack surface. This dynamic map of their digital estate from endpoint to cloud provides organizations with a holistic view of their attack surface.

With Surface Command, organizations can:

  • Establish and Maintain a Single Source of Truth: unify and correlate asset inventory and identities across internal tooling and cross reference findings against regular external scans to understand their attack surface and establish a single source of truth across teams.
  • Uncover Assets Lacking Proper Security Controls: run recurring scans to spot gaps in security coverage where assets are missing controls – such as endpoint security agents and vulnerability scans – and to see which identities have admin access or are missing multifactor authentication (MFA).
  • Drive Accountability Across Teams: understand asset ownership and drive accountability when compliance standards aren’t met, giving security and governance, risk, and compliance (GRC) teams clarity around which stakeholders to engage when remediation actions are required.
  • Provide Full Context to Incident Responders: security analysts can more effectively prioritize ongoing threats by having asset, vulnerability, and security control context in one place to make decisions. They can also enable organization-wide threat hunts based on known asset information and tactics, techniques, and procedures (TTPs).
  • Detect Shadow IT and Ungoverned Use of IT Resources: identify unknown users and assets connected to the network with necessary context to understand the relative risk and necessary remediation steps.
  • Augment Configuration Management Database (CMDB) Tools and Assist with Asset Lifecycle Management: track technology adoption across the organization and leverage powerful native querying capabilities to gain deep insight, including if assets are still active, who owns them, and when they were last updated or modified.

Availability
Rapid7’s Command Platform with Exposure Command and Surface Command is available today. Surface Command and Exposure Command are priced based on the average number of assets monitored across an environment. Exposure Command comes in two tiers, depending on an organization’s level of cloud maturity, both of which include Surface Command.

To view a demo, visit https://www.rapid7.com/products/command/request-demo/.

AppOmni Announces ITDR Capabilities to protect SaaS environments
https://ai-techpark.com/appomni-announces-itdr-capabilities-to-protect-saas-environments/
Mon, 05 Aug 2024 12:15:00 +0000

  • Identity-centric analysis now combines with threshold and sequence rules in AppOmni’s patent pending threat detection engine to provide unparalleled detection accuracy
  • Enhanced open source SaaS Event Maturity Matrix provides greater clarity on events from each SaaS app to refine detection rules
  • New SaaS Security Health Dashboard provides a holistic metrics-based view on overall health of the SaaS estate to identify and mitigate risks

    AppOmni, the leader in SaaS security, today announced a series of technology advances to deliver industry leading identity and threat detection capabilities to protect critical enterprise Software-as-a-Service (SaaS) environments. With new features that leverage powerful identity-centric analysis, mass-scale event monitoring and normalization, an industry standard for SaaS event monitoring capabilities, and a comprehensive dashboard to show trending risk and the overall security health of SaaS applications, AppOmni continues to set the bar for SaaS program operationalization. The newest capabilities complement traditional ITDR and identity and access management (IAM) solutions from Identity Providers (IdPs) such as Okta, and collectively help security professionals build stronger, scalable SaaS security that boosts defenses while further reducing alert fatigue.

    Joe Sullivan, strategic advisor to AppOmni and former CSO at Facebook, Uber, and CloudFlare, said: “SaaS applications are increasingly being targeted by cybercriminals. Detecting threats within these apps requires a specialized approach. The new AppOmni capabilities will help organizations build scalable SaaS security with accurate threat detection, continuous, deep SaaS security posture checks and identity-centric analysis. Some of the capabilities AppOmni is unveiling today have recently been seen as standalone products from startups with big valuations. By embedding these features in one SaaS Security Platform, AppOmni is making it easy to build a world class SaaS security program.”

    “The events of the past year including recent attacks involving Snowflake have validated the fact that SaaS applications used by almost every organization are under attack by advanced actors,” said Harold Byun, chief product officer at AppOmni. “Based on AppOmni Labs Research and breach analysis, it has become even more critical for enterprises to build a security strategy around these undefended internet facing endpoints that facilitate an entry point to internal on-premise infrastructure. The new AppOmni SaaS-aware ITDR capabilities will help organizations identify and protect against modern SaaS threats.”

    In the wake of significant breaches from SaaS applications such as Rapeflake (Snowflake), Microsoft Blizzard, Okta HAR, GitHub and others, it is becoming more evident that the SaaS estate is being actively targeted and attackers are gaining access to critical data assets. When one considers that most organizations use hundreds of SaaS applications, and these apps operate as unmonitored, undefended internet facing endpoints, security teams are left with a massive high risk blind spot. Furthermore, analysis of SaaS breaches shows that attackers are using SaaS as an entry point for privilege escalation and to gain access to legacy on-premise and internal systems leading to broader scale compromise.

    Analysis from AppOmni Labs, the research division at AppOmni, shows that organizations that address attack surface and posture gaps in SaaS reduce alerts to their Security Operations Center (SOC) by roughly 40%. Furthermore, post authentication events (after an attacker has potentially compromised an application) are reduced by over 70%. In a world where there are too many security tools, too much noise and fatigued security teams, the correlated lens on security posture, identities, and threat detection that SaaS-Aware ITDR provides delivers a truer security signal for faster response times.

    Successfully building threat detections for SaaS applications requires a multifaceted approach. AppOmni combines advanced detection capabilities with comprehensive insights across your SaaS estate, integrating posture and identity information. This approach eliminates entire classes of SaaS issues, enhances threat detection accuracy and reduces the number of alerts, aiding busy SOC teams.

    Identity-Centric Analysis

    As security professionals well know, SaaS logs typically display an endless stream of events from vendors. These usually feed the standalone alerts that take up disproportionate attention from SOC teams, without any meaningful context. An adequate response requires piecing together disparate events or painstakingly sequencing them to gather real insight about potential threats. With AppOmni’s patent-pending capabilities for context-sensitive log sequencing combined with our newly introduced identity analysis, AppOmni automatically sequences SaaS logs to derive critical insight about potential threats. These capabilities are combined with our user and entity behavior analytics (UEBA) capabilities to help security teams and application owners prioritize the most serious threats, enabling organizations to conduct clear investigations. This feature set represents the most accurate SaaS threat detection approach currently available.

    Enhanced Open Source SaaS Event Maturity Matrix

    AppOmni last year released the Event Maturity Matrix (EMM), a comprehensive framework that provides clarity on SaaS audit logging—a valuable, one of a kind resource for the industry to gain visibility into SaaS events, identify gaps in SaaS events supported by application vendors, and guide security monitoring and operational objectives. The Event Maturity Matrix is now used by global organizations as part of vendor due diligence processes both during the initial assessment and during annual security reviews.

    Today, AppOmni announces new updates to the Event Maturity Matrix, including the addition of cloud-based data storage platform Snowflake and healthcare Customer Relationship Management (CRM) solution Veeva Vault to the SaaS event inventory. Other new enhancements enable organizations to identify gaps in logs, verify information available for incident response and determine SaaS app authentication mechanisms such as multi-factor authentication (MFA) verification. These deliver clarity into events from each SaaS application and boost awareness of events from each SaaS vendor to further customize detection rules. The EMM also now includes complete contribution dialogue, enabling vendors and end-user organizations alike to interact with the open source tool, building a community around SaaS security.

    SaaS Security Health Dashboard

    AppOmni also unveiled a new SaaS Security Health Dashboard, which lets administrators view and share a simple executive dashboard to report on the health of their SaaS security program. It serves up specific success metrics and insights into improvements in the security posture of the SaaS estate over time so that teams can validate security measures and demonstrate program effectiveness. This is an invaluable tool for organizations fundamentally dependent upon a wide variety of SaaS applications with thousands of users.

    Come See Us at Black Hat USA

    Swing by booth #1660 to learn how you can achieve secure productivity with your SaaS applications. Catch the only theater talk this year on SaaS security — Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies — presented by AppOmni’s Cory Michal, VP of security; Ben Pruce, senior engineering manager; and Brandon Levene, principal product manager, Threat Detection, on Wednesday, August 7, at 1:30 p.m. PT (South Seas CD, Level 3 in Mandalay Bay Convention Center).

    Binary Defense announced the launch of “MDR Plus”
    https://ai-techpark.com/binary-defense-announced-the-launch-of-mdr-plus/
    Mon, 05 Aug 2024 08:44:00 +0000

    The new managed security offering combines Binary Defense’s industry-recognized MDR platform with critical new capabilities in AI-powered managed deception, seamless telemetry configurability, and patent-pending malware disruption.

    Binary Defense, the trusted Managed Detection and Response (MDR) and enterprise defense provider, today announced the official release of MDR Plus, the industry’s most sophisticated managed security solution for companies looking to bolster their security program and increase technology diversification. The company will be showcasing MDR Plus at Black Hat USA as part of its presence there.

    MDR Plus focuses on delivering superior security outcomes through Binary Defense’s BD Platform. This solution integrates real-time detection and containment with sophisticated behavior-based threat detection and managed deception capabilities, ensuring rapid identification and neutralization of threats. Customers benefit from industry-leading observability, contextual feedback, early-stage attack detection, and advanced malware disruption.

    Binary Defense’s ongoing investments in its BD Platform have culminated in three key features for MDR Plus: patent-pending Malware Disruption, AI-powered Managed Deception, and seamless telemetry configurability that allows for immediate updates to detection logic based on real-time threat intelligence.

    “In today’s high-risk cyber threat environment, companies must go beyond standard detection and response capabilities to neutralize threats before they can impact business operations — and the bottom line,” said Jason Vest, Chief Technology Officer of Binary Defense. “Binary Defense’s MDR Plus is a mature managed security platform that turns the table on attackers by dramatically expanding an organization’s visibility, enabling earlier detection of malicious behavior and empowering defenders with the ability to actually disrupt these attacks before they can execute. This solution, combined with our Open XDR approach, is an effective way for companies to diversify their technology strategy while ensuring the highest level of security.”

    Key Features of MDR Plus:

    MDR Plus empowers companies by providing more advanced security capabilities for detecting, isolating, and thwarting threats early in the attack lifecycle. Key features include:

    Core services

    • 24x7x365 SOC Monitoring
    • Analysis On Demand with T3 Analysts
    • Personalized Detections and Tuning
    • Continuous Analytic Threat Hunting

    Advanced features

    • Managed Deception
    • Malware Disruption
    • Proprietary Behavioral Detections
    • Identity Safeguards
    • Telemetry Configurability
    • EDR Bypass Detection

    New Patent-Pending Malware Disruption Tool:

    Recently developed by Binary Defense’s ARC Labs, Malware Disruption is a groundbreaking capability that specifically targets common attacker frameworks widely used by threat actors to establish initial access to a compromised machine.

    This patent-pending attack disruption technology is a critical evolution in malware defense. Instead of relying on signature-based detection methods, Malware Disruption focuses on a fundamental process in malicious code execution that is universally shared by malware families and other exploitation tools. This empowers security teams to thwart attacks early in the Cyber Kill Chain, without any impact on legitimate computing processes.

    Malware Disruption has an over 90% detection rate against known malware families, including Command and Control (C2) frameworks. It is also immune to sophisticated evasion and obfuscation techniques.

    AI-Powered Managed Deception:

    Binary Defense’s deception technology is a critical capability in today’s dynamic threat environment, as attackers are constantly finding new ways to bypass or undermine popular security controls and products.

    Managed Deception incorporates a wide variety of deception techniques within each phase of an attack to confuse the threat actors while triggering low false positive alerts. With the click of a button, Managed Deception allows defenders to generate AI-powered simulated environments and key exposures (such as realistic user accounts and credentials) to deceive and outmaneuver attackers.

    By implementing a wide spectrum of deception techniques, Managed Deception ensures that company assets remain protected.

    Flexible Detection Capabilities That Won’t Disrupt:

    Binary Defense’s new event transfer feature provides companies with customized detection packages tailored to each client’s unique environment and the specific capabilities of their endpoints. Equally critical, this telemetry enables seamless integration of the most advanced detection logic and threat intelligence without requiring any software update. This innovative solution ensures real-time adaptability and enhanced protection without the need for disruptive installations.

    Visit Binary Defense at Black Hat USA (booth #3026) to learn more about MDR Plus, or visit https://www.binarydefense.com/services/managed-detection-and-response/.

    Stairwell Unveils Most Comprehensive Threat Analytics Capability
    https://ai-techpark.com/stairwell-unveils-most-comprehensive-threat-analytics-capability/
    Thu, 01 Aug 2024 16:00:53 +0000

    New feature reduces malware investigation from hours to mere seconds

    Stairwell, a cyber resilience company and provider of an AI-powered threat detection and incident response platform, today announced the availability of its Run-To-Ground (RTG) capability. The addition of the latest innovation to the Stairwell platform delivers comprehensive threat detection and incident response benefits not previously possible.

    “Integrating Stairwell into our security operations has been a game-changer for Groq,” said Paul Watson, CISO of Groq. “Their innovative ‘Run-To-Ground’ approach has not only accelerated our threat response times but also enhanced the accuracy and confidence of our threat hunting efforts. By providing a comprehensive view of the entire threat landscape, including related files that might have otherwise flown under the radar, Stairwell has become an indispensable tool in our arsenal, empowering us to respond to threats more effectively and protect our organization with greater certainty.”

    When a Detection Team triages an alert from security tools, they often rely on brittle indicators like hashes and hostnames. These indicators may be searched in logs, but such searches are never truly comprehensive. With RTG, a single hash from a detection platform like EDR is instantly analyzed across the enterprise’s entire history. Stairwell’s preservation of all executable files allows our Variant Discovery technology to expand investigations from brittle indicators into file similarities. This is designed to find all instances of a threat, its variants, and contemporaneously related suspicious files, performing weeks of Incident Response work in seconds, multiple times per day.

    “The Cybersecurity industry has long sought a solution that enables teams to deliver true business outcomes – security, safety, and reliability. But all too often, those teams end up triaging and dealing with the threat of the day,” said Mike Wiacek, Co-founder and CEO of Stairwell. “RTG combines several Stairwell innovations into an intuitive interface, enabling team members of all experience levels to perform tasks that previously required the expertise of seasoned security professionals. This capability allows complex threat analysis and incident response work to be completed in seconds, providing visibility and insights that were once only accessible to the most experienced experts.”

    RTG is currently being rolled out to all Stairwell customers and is available at no additional cost.

    To learn more about Stairwell’s RTG, visit https://stairwell.com/RTG.

    Extreme Networks and Intel to Drive AI-Centric Product Innovation
    https://ai-techpark.com/extreme-networks-and-intel-to-drive-ai-centric-product-innovation/
    Wed, 31 Jul 2024 14:54:11 +0000

    Technology Alliance will Extend Capabilities of Extreme AI Expert, Dramatically Enhancing Wi-Fi Connectivity, Performance and Security

    Extreme Networks, Inc. (Nasdaq: EXTR) announced it has formed a co-innovation alliance with the Intel® Connectivity Analytics Program to enhance native AI capabilities within its Extreme AI Expert™ solution, currently in technology preview within Extreme Labs™. This collaboration aims to help customers optimize network performance, detect security threats, personalize end-user experiences and reduce operational costs by leveraging network data, unique device data from PCs through the innovative Intel® Connectivity Analytics SDK and Generative AI (GenAI) to make networks smarter, faster and more resilient.

    As the number of client devices continues to increase across all network environments, customers need improved visibility into device activity as well as a simplified way to manage devices from the data center to the network edge. Extreme’s partnership with Intel will deliver increased visibility into both network and client devices and will drive additional development of GenAI tools that enable customers to optimize the design, deployment and management of enterprise networking and security. These new features help to optimize network performance, dynamically adjust bandwidth to prioritize critical devices and improve security threat detection and issue resolution.

    GenAI to Lower Operational Costs, Improve User Experiences

    Introduced as a tech preview at Extreme Connect 2024, Extreme AI Expert combines documentation from Extreme’s knowledge bases with data from applications and devices across customer networks to provide insights and proactive recommendations around the design, deployment and management of networks. The partnership with Intel will incorporate Intel-connected device data to improve recommendations for customers and further extend Extreme AI Expert’s knowledge. Extreme expects to start integrating Extreme AI Expert into Extreme solutions later this year.

    Executive Perspectives

    “The network is the hub of operations, innovation and experiences. By partnering with Extreme Networks, we’re collectively making the network smarter, faster, more secure and more scalable. By leveraging the riches of AI-centric insights available through the millions of Intel-connected devices across the world and combining that with rich data from the network, we’ll help organizations reduce operational costs and provide best-in-class end-user experiences,” said Eric McLaughlin, VP & GM Wireless Solutions at Intel, Client Computing Group.

    “We’re focused on advancing the network to improve human experiences. Partnering with Intel provides our customers with a more secure, more streamlined way to gain visibility of their network and client devices within a single platform. By augmenting our Extreme AI Expert solution with Intel® Connectivity Analytics, we’ll provide richer, more intuitive AI-driven insights and automation which results in smarter, more responsive experiences that enhance everything from network optimization to swift security threat detection and resolution,” said Nabil Bukhari, Chief Technology and Product Officer and GM of Subscription Business at Extreme.
