Cloud Hosting

Check Point Software, Sophos, Trend Micro, WatchGuard, and Zimperium published security reports last week. ManageEngine revealed that it had attained a Spanish cybersecurity certification. LogRhythm published a press release rounding up its success in H1 2023, and VMWare announced a partnership with AMD and Samsung.

Check Point released the 2023 Cloud Security Report. Key findings from the report based on over 1000 responses included:

TJ Gonen, VP of Cloud Security at Check Point Software Technologies, commented, Our survey found that cloud misconfigurations are the foremost concern for todays CISOs. However, what sets successful cloud security organizations apart, is not only the ability to identify misconfigurations, but also to grasp their contextual relevance and prioritize their resolution.

Understanding which misconfigurations truly pose a risk to business operations is paramount. As is the capability to swiftly and effectively address those vulnerabilities to maintain a strong security posture. It is imperative for enterprises to select a comprehensive solution that goes beyond surface-level detection.

Check Point Software also published its Environmental, Social, and Governance (ESG) report for 2022. The report covers Check Points sustainability-related projects, technology, business and activities over the last twelve months.

Key highlights include how Check Point is increasing Digital resilience, focusing on Carbon neutrality, its social responsibility, governance and ethics.

Gil Shwed, Founder and CEO at Check Point, said: Our report is an accurate reflection of what weve achieved so far, as well as a glimpse of our future plans. ESG is of paramount importance to us, and were taking definitive steps to continuously improve. From committing to achieving carbon neutrality by 2040, to extending cyber education programs to eager learners worldwide, these actions and many more embody what I believe to be the essence of Check Point making the world safer while also making it better.

LogRhythm reviewed its success, and the product updates rolled out over the first half 2023. It reviewed the improvements to its Axon, SIEM, and NDR solutions.

Chris OMalley, CEO of LogRhythm, commented, LogRhythm demonstrates in our actions a dedication to improving security analysts experience by providing them with the tools they need to navigate the evolving threat landscape effectively. Our latest product enhancements empower security analysts, improve operational efficiency, and offer unparalleled visibility into potential risks. We remain committed to our customers success and resilience against cyber threats.

LogRhythm also celebrated achievements such as:

The company also won several notable awards, including the Frost & Sullivan Competitive Leadership Awards, the Colorado Technology APEX Awards and the Globee Gold Awards.

ManageEngine announced that it has successfully obtained the Spanish governments Esquema Nacional de Seguridad (National Security Framework) certification. The company achieved this certification in the INTERMEDIATE (medium) category in its first attempt after a rigorous evaluation of all its cloud and on-premises solutions by BDO, an independent audit firm.

The evaluation, encompassing audits of the companys European Union data centres (located in Dublin and Amsterdam), announced ManageEngine as a certified company that met all the compliance policy requirements.

Rajesh Ganesan, president of ManageEngine, commented, Regulatory frameworks ensure high levels of trust for citizens using government, public and private digital services. Over the last 13 years, the National Security Framework (ENS) has evolved into a comprehensive framework that helps companies make modern technologies more secure so people can use them with confidence.

We at ManageEngine are excited to receive this certification, which is a testament to our continued efforts to fulfil the needs of our Spanish customers.

Sophies published the The State of Ransomware in Manufacturing and Production 2023 report. It found that the adversaries successfully encrypted data in 68% of ransomware attacks against this sector. This is the highest reported encryption rate for the sector over the past three years and is in line with a broader cross-sector trend of attackers more frequently succeeding in encrypting data.

Manufacturers are increasing the use of backups, 73% (58% 2022) but are taking longer to recover, 55% recovered in less than a week (2022 67%)

John Shier, field CTO Sophos, commented, Using backups as a primary recovery mechanism is encouraging, since the use of backups promotes a faster recovery. While ransom payments cannot always be avoided, we know from our survey response data that paying a ransom doubles the costs of recovery. With 77% of manufacturing organizations reporting lost revenue after a ransomware attack, this added cost burden should be avoided, and priority placed on earlier detection and response.

Longer recovery times in manufacturing are a concerning development. As weve seen in Sophos Active Adversary reports, based on incident response cases, the manufacturing sector is consistently at the top of organizations needing assistance recovering from attacks. This extended recovery is negatively impacting IT teams, where 69% report that addressing security incidents is consuming too much time and 66% are unable to work on other projects.

Sophos recommend several actions for manufacturers that other sectors are already taking:

Trend Micro sponsored and published a SANS Institute report, Breaking IT/OT Silos With ICS/OT Visibility. The report reveals that enterprise Security Operation Centers (SOCs) are expanding their capabilities to the OT domain, but major visibility and skills-related challenges are causing roadblocks.

Bill Malik, vice president of infrastructure strategies at Trend Micro, said, IT-OT integration is already driving digital transformation for many industrial organizations, but to effectively manage risk in these environments, IT and OT security operations (SecOps) must also converge. OT security programs may be lagging, but theres a fantastic opportunity to close the visibility and skills gap by consolidating onto a single SecOps platform like Trend Vision One.

The study also reveals the top challenges organisations looking to expand SecOps face.

Trend Micro also published an Omdia report that revealed that most enterprises invest 5-10% of their IT budgets specifically on private 5G network security, despite an assumption that the technology is secure by default. They will spend $12.9B on Private Network Security by 2027.

The research reveals that 72% of global enterprises believe the 3GPP approach1 to private 5G security is sufficient. These network architectures were built with security in mind, and because they are private, they are inherently more secure than public 5G. However, that doesnt mean they are impenetrable to determined attackers. The report highlights requirements and priorities shared by security leaders for their 5G deployments.

Greg Young, vice president of cybersecurity at Trend Micro, commented, When it comes to private 5G network technology, theres no such thing as secure by default, so its reassuring that enterprises are looking to add their own protections. What will be crucial going forward is educating this new user base about where the most critical security gaps are and what a shared responsibility model will look like in these environments.

VMWare has announced that it is joining forces with AMD, Samsung, and members of the RISC-V Keystone community to simplify the development and operations of confidential computing applications. VMware researched, developed and open-sourced the developer-focused Certifier Framework for Confidential Computing project.

AMD, Samsung and VMware aim to address a significant barrier to adopting confidential computing by standardising on an easy-to-use, platform-independent API for creating and operating confidential computing applications.

Kit Colbert, CTO of VMware, said, Confidential Computing has the potential to secure workloads no matter where they run including in multi-cloud and edge settings. The challenge has been to help customers adopt and implement the standard with ease. The collective efforts of the growing ecosystem of contributors to Certifier Framework will help bring those benefits to bear to ISVs, enterprise customers, and Sovereign Cloud providersenabling them to use this emerging technology more easily and effectively.

WatchGuard announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. The key findings included the following:

Corey Nachreiner, the chief security officer at WatchGuard, commented, Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats.

The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers.

Zimperium published its Global Mobile Threat Report 2023. Key findings included the following:

Jon Paterson, CTO of Zimperium, commented, There is a fundamental issue that todays modern organizations must contend withhow can they capitalize on the opportunities of being mobile-powered without being exposed to evolving risks.

To thrive, it is critical that they employ a mobile-first security strategyone where they continually prioritize and assess risk as close to the user and device as possible, and baseline and continuously assess vulnerability posture to operate in a known state with complete visibility.

They must take responsive action on risk detection: leverage zero trust and conditional access workflows, leverage XDR and autonomous, 3rd party integrations and ensure they assess and stay updated on global privacy regulations and the risks that affect apps they develop and use.

Security News from the week beginning 19th June 2023

See original here:
Security news from the week beginning 26th June 2023 - - Enterprise Times