
Cado Security Partners with SentinelOne to Provide Cloud-Native Digital Forensics

Cado Security, a provider of a cloud-native digital forensics platform, has partnered with SentinelOne, an autonomous cybersecurity platform vendor, to give security teams the breadth and depth they need to detect, analyse and respond to attacks with extraordinary speed.

Time is of the essence when it comes to attack management. As soon as malicious behaviour is noticed, security professionals must be able to dig deep to identify the root cause and scope. The SentinelOne Singularity XDR Platform gives the necessary visibility to identify the malicious activity as soon as it happens. Cado Response automates the process of obtaining critical forensic data and historical context, which gives an inquiry more depth.

“Using traditional DFIR approaches often means it can take security teams weeks to capture and process the data needed for a detailed forensic investigation. This is precious time that an adversary has free rein to inflict damage,” said James Campbell, Co-founder and CEO of Cado Security. “At Cado, we leverage the cloud in a way that allows for automation and rapid processing, removing many of the complexities associated with DFIR. We are thrilled to partner with SentinelOne to deliver the data and context security teams need to quickly identify the root cause of incidents and enable faster response.”

Security analysts can use SentinelOne’s Remote Script Orchestration (RSO) functionality to run Cado Response with a single click and execute an in-depth forensic investigation across their SentinelOne Singularity Platform-protected endpoints, simplifying data collection and speeding up triage. The Cado Response platform is built on a cloud-based system that scales up and down dynamically to deliver fast processing when it is required and save money when it is not, substantially lowering time to evidence and time to response.

“Our focus is to empower security teams to uplevel their approach to incident response and automation with speed, scale and simplicity. Cado Security’s integration with SentinelOne’s Singularity XDR enables security analysts to automate forensics investigations across the enterprise attack surface,” said Mike Petronaci, VP Product, Platform and Ecosystem, SentinelOne.

TTEC Resolved Cyber Security Incident

TTEC Holdings, one of the world’s leading CX (customer experience) technology and service innovators for end-to-end digital CX solutions, has resolved the cyberattack on its technology infrastructure.

TTEC noticed the cybersecurity incident on September 12 and began remediation and recovery efforts immediately. The incident was contained after the company isolated the affected systems and implemented other corrective measures. In addition, the company has launched a full investigation into the cyberattack and is using the results of that investigation to strengthen its own cybersecurity measures. Despite initial setbacks, TTEC is now up and running all over the world.

“TTEC moved quickly and decisively to identify, contain, and resolve the cyberattack. In just five days our team moved aggressively to rebuild and further solidify our processes and infrastructure. TTEC continues to prioritize our client and people-facing processes and systems,” said Ken Tuchman, TTEC chairman and CEO.

Tuchman said, “I am humbled by the effort and resilience that the TTEC family showed during the past few days, and their continued hard work to support our clients. Our expertise in business continuity and incident response allowed us to continue to serve our clients, despite the many complications presented in this incident.”

The firm has completed the initial recovery measures, strengthened its cyber security, and is in the process of wrapping up its investigation and evaluating the incident’s effect on the organization.

Kivu and Fortalice partnered to provide cybersecurity services to their joint customers

Kivu Consulting, Inc. and Fortalice Solutions, LLC announced a strategic partnership to provide end-to-end cybersecurity services. Through their collaboration, these organizations will be able to address rising customer demand across numerous cybersecurity areas. Fortalice brings expertise in offensive cybersecurity, security engineering, open-source intelligence, strategic communications, and risk and compliance. Kivu brings decades of experience in incident response, digital forensics, breach cleanup, and managed services to the table.

“Now more than ever, clients need cybersecurity firms to offer ‘best-in-class’ abilities across all their urgent needs. As a women-owned business headed by the first female CIO at the White House under George W. Bush, Fortalice’s excellence in handling incidents from triage to remediation perfectly complements Kivu’s reputation as the ‘go-to’ firm for incident response, post-breach remediation, and managed services,” said Chad Holmes, CEO of Kivu Consulting.

Organizations require advanced, distinct skillsets to plan for, respond to, and recover from breaches as bad actors become more sophisticated. Professionals with diversified and highly specialized backgrounds make up the Fortalice and Kivu Consulting teams. “The professionals at Fortalice and Kivu have spent time reimagining how to provide solutions that meet clients exactly where they are in that moment. Our combined teams bring to the industry some of the globe’s leading expert problem-solvers, many of whom have decades of experience. This combination assures our clients have access to a deeper bench of professionals, all at the top of their game, bringing the highest skill levels to all stages of cybersecurity,” said Theresa Payton, CEO of Fortalice Solutions.

Under the partnership, Kivu and Fortalice will collaborate to serve clients according to their needs. Together, the two companies will provide a broad range of services throughout the breach lifecycle.

Hexa Data and Rampiva formed a strategic partnership in Latin America

Rampiva Global, LLC (Rampiva), a global software company developing automation, reporting and business process management software for data processing and review platforms, today announced a strategic partnership with Hexa Data S.R.L. (HexaData), a reseller and solution provider based in Central and South America for leading technology products in the areas of digital forensics, mobile forensics, eDiscovery, cybersecurity, data deduplication systems, and network forensics.

For digital forensics teams in South America, Rampiva Automate is a game changer: the workload grows every day, and investment in process, automation, and reporting improves productivity.

Users can combine Rampiva with the Nuix data processing engine to automate workflows, licensing management and reporting. Rampiva Automate will be used by HexaData’s clients in their digital forensics and eDiscovery environments to improve quality, speed to results, and process maturity.

HexaData, founded by Juan Carlos Jarandilla Torres, a Nuix alum, offers the expertise to help companies use automation to address their problems.

“Rampiva Automate is a game changer for digital forensics teams in South America — there’s more work every day, and investments in process, automation, and reporting drive productivity,” said Torres.

“HexaData is an exciting partner for Rampiva. We founded Rampiva to help make digital forensics and data analytics more accessible. Juan Carlos’ tenure in the industry, HexaData’s consultative focus, and the priority they place on training aligns with our vision of enabling clients to harness the value of data,” shared Daniel Boteanu, CEO of Rampiva.

“This new partnership between Rampiva and HexaData is a great example of why Nuix invests in our Partner Ecosystem. Without partners like HexaData, our clients in Central and South America would struggle to evaluate and onboard technology partners like Rampiva. We’re excited to see the success of this new effort,” stated Chris Pogue, Head of Strategic Alliances.

Security Information and Event Management (SIEM) – An Overview

Security Information and Event Management (SIEM) is a branch of computer security that combines Security Information Management (SIM) with Security Event Management (SEM) in software products and services. Security devices, network equipment, systems, and applications all produce event data, which SIEM technology aggregates. SIEM products analyse the security alarms generated by applications and network devices in real time. Contextual information on people, assets, threats, and vulnerabilities is linked with event data for compliance or security audit purposes.

SIEM (Security Information and Event Management) is a security system that assists enterprises in identifying potential security threats and vulnerabilities before they interrupt business operations. It identifies suspicious user behaviour for threat detection and incident response.

Log Management

SIEM (Security Information and Event Management) gathers event data from a variety of sources across an organization’s network. Logs and flow data from users (such as employees or clients), applications, cloud environments, assets and networks are collected, stored, and analysed in real time, allowing IT and security teams to monitor their network’s event log and network flow data from a single centralised location. Some SIEMs integrate with third-party threat intelligence feeds to correlate internal security data with previously identified threat signatures and profiles. By integrating with real-time threat feeds, security teams can identify or block new attack signatures.

Security Alerts and Incident Monitoring

SIEM systems can identify all devices in the IT environment because they provide centralised visibility into on-premise and cloud-based infrastructure. SIEM technology monitors for security incidents across all connected users, devices, and applications, identifying suspicious activity as it occurs in the network. SIEM systems reduce IT security teams’ mean time to detect and mean time to respond by offloading the manual work involved in in-depth security event analysis.

Analytics and Event Correlation

Event correlation is a core component of any SIEM solution. By applying analytics to identify and analyse complex patterns across event data, correlation gives security teams the insight to swiftly find and mitigate possible threats. Customizable correlation rules can alert administrators promptly so that they can take appropriate action to contain an incident before it escalates into a more serious security risk.
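The "Log Management" and "Analytics and Event Correlation" sections above describe the two halves of a SIEM pipeline: normalising events from heterogeneous sources into one schema, then running correlation rules (and threat-intelligence matching) over the unified stream. The following Python script is an added example that is not part of the original article or any vendor's product. It parses constructed sample log lines from an sshd auth log and a web application, normalises them, and applies two rules: a burst of failed logins from one IP followed by a success, and any login from an IP on a (constructed) threat-intelligence list. Log formats, IP addresses, thresholds and the feed contents are all assumptions.

```python
"""Toy SIEM pipeline: normalise log lines from two sources into one schema,
then run correlation rules over the unified event stream.
Added example with constructed data; formats, addresses and thresholds are
assumptions, not taken from any real product."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (RFC 5737 documentation addresses).
SSHD_LOG = """\
2024-03-01T10:00:01Z sshd[101]: Failed password for alice from 198.51.100.7 port 5001
2024-03-01T10:00:03Z sshd[102]: Failed password for alice from 198.51.100.7 port 5002
2024-03-01T10:00:05Z sshd[103]: Failed password for alice from 198.51.100.7 port 5003
2024-03-01T10:00:09Z sshd[104]: Accepted password for alice from 198.51.100.7 port 5004
2024-03-01T10:05:00Z sshd[105]: Accepted publickey for bob from 192.0.2.10 port 6001
"""
WEBAPP_LOG = """\
2024-03-01T10:01:00Z app login user=carol src=203.0.113.9 result=ok
2024-03-01T10:02:00Z app login user=dave src=192.0.2.10 result=fail
"""
# Constructed threat-intelligence feed of known-bad source IPs.
THREAT_FEED = {"203.0.113.9"}

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)")
APP_RE = re.compile(
    r"^(?P<ts>\S+) app login user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>\w+)")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def normalise(source, text):
    """Parse raw lines into dicts sharing one schema: ts, source, user, ip, success.
    Lines that do not match the source's format are skipped."""
    events = []
    for line in text.splitlines():
        if source == "sshd":
            m = SSHD_RE.match(line)
            if m:
                events.append({"ts": datetime.strptime(m["ts"], TS_FMT), "source": source,
                               "user": m["user"], "ip": m["ip"],
                               "success": m["outcome"] == "Accepted"})
        elif source == "app":
            m = APP_RE.match(line)
            if m:
                events.append({"ts": datetime.strptime(m["ts"], TS_FMT), "source": source,
                               "user": m["user"], "ip": m["ip"],
                               "success": m["result"] == "ok"})
    return events


def rule_bruteforce_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Alert when a (ip, user) pair accumulates `threshold` failures inside `window`
    and then logs in successfully: a classic credential-guessing pattern."""
    alerts = []
    failures = defaultdict(list)  # (ip, user) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["ip"], ev["user"])
        if not ev["success"]:
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"rule": "bruteforce_then_success", "user": ev["user"],
                           "ip": ev["ip"], "failures": len(recent), "ts": ev["ts"]})
        failures[key].clear()  # a success resets the counter for this pair
    return alerts


def rule_threat_intel_match(events, feed):
    """Alert on any event whose source IP appears in the threat-intelligence feed."""
    return [{"rule": "threat_intel_ip", "user": ev["user"], "ip": ev["ip"], "ts": ev["ts"]}
            for ev in events if ev["ip"] in feed]


def run_siem():
    """Aggregate both sources, run all rules, return (events, alerts)."""
    events = normalise("sshd", SSHD_LOG) + normalise("app", WEBAPP_LOG)
    alerts = rule_bruteforce_then_success(events) + rule_threat_intel_match(events, THREAT_FEED)
    return events, alerts


if __name__ == "__main__":
    evs, alts = run_siem()
    print(f"{len(evs)} normalised events, {len(alts)} alerts")
    for a in alts:
        print(a)
```

The sorting step in the brute-force rule matters: events arrive from different sources with independent clocks and buffering, so correlation is done on the normalised timestamp, not on arrival order. Real SIEMs also persist the normalised events so that the same data can later be replayed for the forensic reconstruction described below.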

Investigating for Forensic Purposes

When a security incident occurs, SIEM systems are well suited to digital forensic investigation. They enable businesses to collect and analyse log data from all of their digital assets in one central location, so investigators can reconstruct past events or evaluate new ones in order to examine suspicious activity and improve their security controls.

Compliance and Regulation

SIEM solutions are a popular choice for businesses that must comply with a variety of regulations. Because it automates data collection and analysis, SIEM is a powerful tool for gathering and verifying compliance data across the whole corporate infrastructure. SIEM solutions generate real-time reports against compliance requirements, easing security management and detecting violations early.

New Advanced Real Time Threat Detection

Organizations must be able to rely on solutions that can detect and respond to both known and new security threats, given how quickly the cybersecurity environment changes. SIEM solutions can successfully mitigate newer security breaches by utilizing integrated threat intelligence feeds.

SIEM products are available as software, appliances, or managed services, and they are used to log security data and generate compliance reports. SIEM addresses customers’ need to analyse activity data in real time for early identification of cyberattacks and data breaches, and to collect, store, investigate and report on log data for incident management, forensic analysis and regulatory compliance. Taking proactive steps to check and mitigate IT security risks is critical, regardless of how big or small your company is. Enterprises benefit from SIEM solutions in a variety of ways, and they have become an important part of optimizing security procedures.

BlueVoyant Acquires Marclay to Expand Its Managed and Consulting Service Capabilities in the United Kingdom

BlueVoyant, a cybersecurity services company, announced that it has acquired Marclay Associates, a UK-based cybersecurity consultancy that helps global organizations protect themselves against highly sophisticated threat adversaries and cyber risk vectors by providing world-class incident response and cyber investigation services. BlueVoyant will receive $30 million in investment from current investors to support this transaction, helping to encourage additional business expansion across the sector.

Marclay Associates’ services are concentrated on its digital forensics and incident response teams, as well as its governance, risk, and compliance practice. Marclay Associates’ Marclay One secure communications platform, a cloud-based IT solution that serves users globally, supports professional services.

“The UK is of critical strategic importance to BlueVoyant; extending our regional presence through this acquisition strengthens BlueVoyant’s support for customers in the UK and beyond. Marclay Associates’ expertise is well-recognized throughout the industry; combining our capabilities to help customers best protect their environment made absolute sense,” said Robert Hannigan, Chairman, BlueVoyant International.

With new malware, ransomware variants and hybrid attacks threatening to compromise sensitive data, BlueVoyant’s combined suite of Managed Security Services, Professional Services and Threat Intelligence, and Third-Party Cyber Risk Management capabilities will provide unrivalled expertise and service to UK customers.

“The acquisition of Marclay by BlueVoyant combines the global cyber expertise of our former UK intelligence and security services personnel, and our industry-leading services, with BlueVoyant’s advanced cybersecurity portfolio. Now, with the support of BlueVoyant we can continue to help both new and existing customers meet their cybersecurity requirements with an exciting UK service offering,” said Jake Hockley, Senior Partner, Marclay Associates.

“We are delighted to join BlueVoyant at this stage of its growth journey. We have been delivering cybersecurity professional services to our clients for over eight years, and the opportunity to combine our existing services with BlueVoyant’s pioneering cyber technology in its first and third-party cyber risk management solutions and managed security SOC services, gives us a powerful proposition to take to the UK market and beyond,” said James Tamblin, Senior Partner, Marclay Associates.

Insider Threat Management – An Overview

An insider threat occurs when employees, vendors, or business associates who have access to an organization’s information, network, or premises use that access, intentionally or unintentionally, to compromise security or to carry out malicious activities such as theft, fraud and damage to systems.

Types of Insider Threats are –

  • Malicious Insider – A malicious insider is an employee who intentionally steals information for monetary or personal gain. Because they are well acquainted with the company’s security policies and procedures, they have an advantage over external attackers.
  • Negligent Insider – Negligent insiders do not intend to put the company at risk, but they do so unintentionally by acting carelessly, for example an employee who does not adhere to IT security policies or who makes mistakes through poor judgement, such as an administrator who does not install a security patch.
  • Compromised Insider – An employee whose computer is infected with malware is a typical example of a compromised insider. This usually occurs as a result of phishing scams or clicking on links that lead to malware downloads.

Some Key Features of Insider Threat Management Solutions are –

  • Privileged Access Management (PAM) – An ITM solution determines who has access to which systems and applications at any given time. PAM products do this by creating and deleting user identities, and they employ password vaulting, encryption and access control for mission-critical technologies and applications. PAM encrypts shared passwords and data in transit so that attackers cannot read them. A compromised credential is at the heart of the majority of security breaches, so Privileged Access Management (PAM) is an essential component of an ITM (Insider Threat Management) solution.
  • User Activity Monitoring with Big Data Analysis – Security threats have increased and become more complex as work-from-home and remote-work activities have expanded. As a result of remote work, security priorities have shifted and security protocols have changed. Insider threat management tools build models of user behaviour and assign risk scores. Creating behavioural baselines from factors such as the timing of activity and the data accessed, and continually learning what counts as acceptable behaviour, is the most effective way to detect insider threats without producing a large number of false-positive alerts. To detect privilege misuse, machine learning models and data science techniques track and analyse vast quantities of data from a variety of sources. This helps detect multi-stage attacks that span many individual alarms, allowing for rapid detection and response.
  • Investigation and Threat Mitigation – If an intruder breaches the perimeter and gains access to the organization’s network, security teams can search for compromised credentials or other abuse indicators to confirm the threat. Security teams use the ITM solution’s machine learning to generate security-relevant signals, which support visibility and detailed forensic analysis.
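The "User Activity Monitoring" bullet above describes building per-user behavioural baselines (time of activity, data accessed) and assigning risk scores so that only genuine deviations produce alerts. The script below is an added example, not code from the original article or from any ITM product. It builds a baseline for each user from a constructed ten-day activity history (usual working hours, typical download volume, hosts normally accessed), scores new events by how far they deviate, and flags those above a threshold; the weights, threshold and "no baseline" handling are assumptions chosen for illustration.

```python
"""Toy user-behaviour baselining and risk scoring for insider threat detection.
Added example with constructed history; weights and threshold are assumptions."""
from statistics import mean, pstdev

# Constructed history: (user, hour_of_day, bytes_downloaded, host) over ten days.
def build_history():
    history = []
    for day in range(10):
        for hour in (9, 11, 14, 16):
            history.append(("alice", hour, 100 + 10 * (day % 3), "fileshare-01"))
            history.append(("bob", hour + 1, 80 + 5 * (day % 4), "crm-db"))
    return history


def build_baselines(history):
    """Per user: the hours they are normally active, mean/stdev of download
    volume, and the set of hosts they normally touch."""
    per_user = {}
    for user, hour, nbytes, host in history:
        b = per_user.setdefault(user, {"hours": set(), "bytes": [], "hosts": set()})
        b["hours"].add(hour)
        b["bytes"].append(nbytes)
        b["hosts"].add(host)
    return {u: {"hours": b["hours"], "mean": mean(b["bytes"]),
                "stdev": pstdev(b["bytes"]), "hosts": b["hosts"]}
            for u, b in per_user.items()}


# Assumed scoring weights: each deviation adds points; 100 is the cap.
OFF_HOURS, VOLUME_SPIKE, NEW_HOST, NO_BASELINE = 30, 40, 30, 50
Z_LIMIT = 3.0  # volume more than 3 standard deviations above the mean


def score_event(baselines, event):
    """Return (risk_score, reasons) for one (user, hour, bytes, host) event."""
    user, hour, nbytes, host = event
    b = baselines.get(user)
    if b is None:
        return NO_BASELINE, ["no_baseline"]  # new/unknown user: moderate risk by assumption
    score, reasons = 0, []
    if hour not in b["hours"]:
        score += OFF_HOURS
        reasons.append("off_hours")
    # Guard against a zero stdev (perfectly constant history).
    if b["stdev"] > 0:
        z = (nbytes - b["mean"]) / b["stdev"]
    else:
        z = float("inf") if nbytes > b["mean"] else 0.0
    if z > Z_LIMIT:
        score += VOLUME_SPIKE
        reasons.append("volume_spike")
    if host not in b["hosts"]:
        score += NEW_HOST
        reasons.append("new_host")
    return min(score, 100), reasons


def flag_risky(baselines, events, threshold=50):
    """Return [(user, score, reasons)] for events at or above the threshold."""
    flagged = []
    for ev in events:
        score, reasons = score_event(baselines, ev)
        if score >= threshold:
            flagged.append((ev[0], score, reasons))
    return flagged


# Constructed new activity to score against the baselines.
NEW_EVENTS = [
    ("alice", 14, 115, "fileshare-01"),   # ordinary working-hours access
    ("alice", 2, 5000, "hr-records"),     # 02:00, huge download, never-seen host
    ("bob", 12, 90, "crm-db"),            # ordinary
    ("bob", 23, 95, "crm-db"),            # late, but usual host and volume
]

if __name__ == "__main__":
    baselines = build_baselines(build_history())
    for ev in NEW_EVENTS:
        print(ev, "->", score_event(baselines, ev))
    print("flagged:", flag_risky(baselines, NEW_EVENTS))
```

Note how the late-night event for bob scores below the threshold: a single deviation on one dimension is normal noise, and requiring several independent deviations to coincide is what keeps the false-positive rate down, as the bullet above argues. In a real deployment the baseline would be recomputed on a rolling window so that legitimate changes in a user's role do not stay flagged forever.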

A successful Insider Threat Management solution requires an understanding of what the organization values and what could potentially harm or threaten those assets. A complete understanding of an organization’s assets allows for proper coordination and risk management. A tried-and-true ITM solution starts by establishing where an organization’s assets are kept and who has access to them. This allows for a more comprehensive classification of each asset’s risk and the implementation of risk-based mitigation strategies.