Breach Force: Effort doesn't Equal Effectiveness… Why Some Firms "Red-Team" Their Networks
Security effort does not equal security effectiveness. That is why security-conscious customers red-team their networks – they need the unvarnished truth of the effectiveness of their security programs.
In today's episode of "Breach Force", McAfee brings enhanced database security to the cloud, Sophos looks to sure up endpoint detection and response, RapidFire wants to help companies navigate the tricky waters of cybersecurity liability and FireEye plans to acquire Verodin.
In our lead story, as organizations migrate to the cloud for their mission critical applications, they often have hundreds or thousands of databases in the cloud. One of the biggest concerns customers have in migrating database workloads to the cloud is inadvertently losing the controls they might have on-premises.
To meet those challenges, McAfee has released Database Security for Amazon's Relational Database Service, strengthening its relationship with AWS and shared commitment to offer cloud-based security solutions.
This new product delivers real-time visibility into virtually all database activity, including local privileged user access and offers the ability to monitor and thwart sophisticated attacks from within the database. This cloud-based security product advances McAfee's device-to-cloud strategy by taking a best-in-class database security solution and extending it to customer cloud deployments to Amazon RDS.
"We universally hear from our broad customer base that they need to fortify their cloud database deployments with strong security tools, similar to how McAfee has always done with on-premises databases," said Anand Ramanathan, VP at McAfee. "By working with AWS, we are helping to facilitate our customers' cloud journeys by pairing the security pedigree of McAfee with Amazon RDS.
In other words, AWS customers can now gain access to McAfee's Database Security to add an additional layer of security and rapidly implement critical workflows.
Check out a new episode of "Breach Force" on YouTube (https://youtu.be/
Meanwhile, Once the bots identify potential targets, cybercriminals use their savvy to select victims based on an organization's scope of sensitive data or intellectual property, ability to pay a large ransom, or access to other servers and networks.
The final steps are cerebral and manual: break in, evade detection and move laterally to complete the mission. This could be to quietly sneak around to steal intelligence and exit unnoticed, disable backups and encrypt servers to demand high-roller ransoms, or use servers as launch pads to attack other companies.
To address those cybersecurity pain points, Sophos has released Intercept X for Server with Endpoint Detection and Response.
By adding EDR to Intercept X for Server, IT managers can investigate cyberattacks against servers, a sought-after target due to the high value of data stored there.
Cybercriminals frequently evolve their methods and are now blending automation and human hacking skills to successfully carry out attacks on servers. This new type of blended attack combines the use of bots to identify potential victims with active adversaries making decisions about who and how to attack.
"Blended cyberattacks, once a page in the playbook of nation state attackers, are now becoming regular practice for everyday cybercriminals because they are profitable" said Dan Schiappa, CPO at Sophos. "Most malware is now automated, so it's easy for attackers to find organizations with weak security postures, evaluate their payday potential, and use hand-to-keyboard hacking techniques to do as much damage as possible."
In other news, FireEye will acquire Verodin for around $250 million. The deal will add significant new capabilities to the FireEye portfolio identifying gaps in security effectiveness due to equipment misconfiguration, changes in the IT environment, and evolving attacker tactics.
"Verodin gives us the ability to automate security effectiveness testing" said Kevin Mandia, CEO at FireEye. "It provides a systematic, quantifiable, and continuous approach to security program validation."
Meanwhile, security breaches have become one of the biggest challenges for IT departments, with the average cost of a data breach in 2018 reaching $3.86 million. In the face of this mounting threat, the global cyber liability insurance market is growing rapidly, but many policies require businesses to adhere to specific conditions in order to be paid out if a claim is filed.
To address this need, RapidFire Tools has released Audit Guru for Cyber Insurance, the first compliance process automation tool designed to document and demonstrate "due care" by cyber insurance policy-holders, helping them to receive payout in the event of a claim.
"With the recent explosive growth of confusing cyber insurance products coming to market, thousands of SMBs are purchasing policies filled with technical contingencies that could — and frequently do — void their claims," said Michael Mittel, GM at RapidFire Tools.
"With the new Audit Guru for Cyber Insurance offering, we arm MSPs with the ability to systematically document and provide evidence that they meet the requirements set by top insurance carriers, effectively eliminating any guesswork when it comes to compliance and ensuring that claims are paid."
"Breach Force" is produced by The Tech Video Project, and sponsored by RestonLogic, cloud wizards leveraging over 10 years experience helping companies automate, transform and build highly-secure and stable systems. Click over to RestonLogic dot com to book a strategy session today.
Disclaimer: The blurbs highlighted on "Breach Force" are available for information purposes only, and don't necessarily reflect opinions of our editors.
Page Updated Last on: Jun 14, 2019