
Codenotary expanded immudb to store SOC and SIEM data 

Codenotary has announced that it will be extending its immudb technology to store Security Operations Center (SOC) and Security Information and Event Management (SIEM) data with cryptographic verification. 

immudb is a decentralized database that uses cryptographic techniques to ensure the integrity and immutability of data. It allows users to store and retrieve data with confidence, knowing that it has not been tampered with. The extension of immudb to SOC and SIEM data will allow organizations to store this critical data in a secure and tamper-proof manner. 

Moshe Bar, CEO of Codenotary, the primary contributor to the open source immudb project, said: “It’s important to store logs and events data and know that it can be trusted in six months, one year, or even five years from now, which is essential in the event of a security issue discovery and then audit and forensic analysis to go back in time to understand what happened and when.

From our experience, it’s not uncommon to have enterprise SOC platforms tracking 100,000 events per second or more.”

SOC and SIEM data are crucial for organizations to detect and respond to security threats and incidents. These systems generate vast amounts of data that must be collected, analyzed, and stored in a secure manner. By using immudb to store this data, organizations can have confidence that the data has not been altered or manipulated in any way. 

The cryptographic verification provided by immudb is an important security feature for SOC and SIEM data. It allows organizations to verify the authenticity of the data and ensure that it has not been tampered with. This is especially important in the case of incident response, where it is crucial to have accurate and reliable data in order to effectively respond to a security threat. 

The use of immudb for SOC and SIEM data also has the added benefit of decentralization. Decentralization means that the data is not stored in a single location, but rather is distributed across a network of nodes. This makes it much more difficult for an attacker to compromise the data, as they would have to attack multiple nodes in order to have any chance of success. 

Overall, the extension of immudb to SOC and SIEM data is a significant development for organizations looking to secure their critical data. By using immudb, organizations can store their data with confidence, knowing that it is secure and tamper-proof. This is an important step towards improving the security and reliability of SOC and SIEM systems and will help organizations to better protect themselves against cyber threats. 
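To make the idea of cryptographically verifiable event storage concrete, here is an added example (not Codenotary's or immudb's own code, and not immudb's verification scheme) of a simplified hash-chained log: each SOC event commits to the previous entry's hash, and a root hash kept out of band lets an auditor detect a retroactive edit even if the editor recomputed the chain. The event records and the `rechain_from` helper are constructed for the demonstration.

```python
import hashlib
import json

GENESIS = "0" * 64  # hash "before" the first entry


def entry_hash(prev_hash, event):
    """Hash of an entry commits to the previous hash and a canonical
    serialisation of the event, so editing or reordering breaks the chain."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class TamperEvidentLog:
    """Append-only event log where every entry is chained to its predecessor."""

    def __init__(self):
        self.entries = []  # each item: {"event": dict, "hash": hex str}

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"event": event, "hash": entry_hash(prev, event)})
        return self.entries[-1]["hash"]

    def root(self):
        """Hash of the latest entry; store it out of band (signed, printed in a report)."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_root=None):
        """Recompute the whole chain. Returns (ok, index_of_first_bad_entry or None).
        With expected_root, a self-consistent but rewritten chain is also rejected."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if entry_hash(prev, e["event"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        if expected_root is not None and prev != expected_root:
            return False, len(self.entries)
        return True, None


def rechain_from(log, start):
    """Simulates a store operator who edits an entry and recomputes later hashes
    so the chain looks internally consistent again (why the root lives out of band)."""
    prev = log.entries[start - 1]["hash"] if start else GENESIS
    for e in log.entries[start:]:
        e["hash"] = entry_hash(prev, e["event"])
        prev = e["hash"]


# Constructed sample SOC events (not real data)
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T10:00:01Z", "src": "203.0.113.7", "msg": "Failed password for root"},
    {"ts": "2024-03-01T10:00:03Z", "src": "203.0.113.7", "msg": "Failed password for root"},
    {"ts": "2024-03-01T10:00:20Z", "src": "203.0.113.7", "msg": "Accepted password for admin"},
]


def demo():
    log = TamperEvidentLog()
    for ev in SAMPLE_EVENTS:
        log.append(ev)
    saved_root = log.root()                        # published at ingest time
    ok_before, _ = log.verify(saved_root)          # clean chain verifies
    log.entries[1]["event"]["msg"] = "Accepted password for root"  # retroactive edit
    _, bad_edit = log.verify()                     # chain alone catches it at index 1
    rechain_from(log, 1)                           # cover-up: recompute hashes
    ok_self, _ = log.verify()                      # now internally consistent again
    ok_root, bad_root = log.verify(saved_root)     # out-of-band root still exposes it
    return {"before": ok_before, "edit_detected_at": bad_edit,
            "self_consistent_after_rechain": ok_self,
            "root_check": ok_root, "root_bad_index": bad_root}


if __name__ == "__main__":
    print(demo())
```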

Delinea released DevOps Secrets Vault enhancements

Delinea released the most recent version of its high-speed vault for DevOps and DevSecOps teams, DevOps Secrets Vault. In an effort to speed up development and increase visibility, the newest Mac computers are now supported for development and automation for improved secret management usability.  

Jason Michell, SVP of Engineering at Delinea, said: “The exponential growth of machine identities as applications are modernized and architected as micro-services continues to place organizations at increased risk. Delinea’s ongoing focus on making security seamless for developers is reflected in these recent enhancements, enabling them to use DevOps Secrets Vault to dynamically insert credentials in their code, in line with security best practices.”

For developers using Macs, the release adds support for the M1 chip: developers writing code on the most recent Macs can now use the command line interface (CLI) and the DSV Engine (an agent supporting dynamic database secrets) of DevOps Secrets Vault. Delinea continues to remove the friction that frequently occurs when securing sensitive secrets and credentials, particularly in hectic DevOps environments, by building on its focus on seamless usability.

Friction for DevOps teams continues to be reduced: usability and flexibility improvements are made continuously to both the CLI and the graphical interface, enabling developers to work without interruption in their preferred interface with their preferred tools and helping businesses lower the risk of credentials being compromised.

New features have been added to both interfaces, including improved support for Security Information and Event Management (SIEM) functionality, an approved Ansible plugin for use with Ansible Automation Hub, and additional authentication methods.

What is SIEM?

SIEM systems are the focal point of the IT environment that security analysts are defending. They centralize the collection of security data from all relevant data sources, storing a wealth of information that can be used to gain insight into real-time events and processes.

SIEM (Security Information and Event Management) is a monitoring and analytical system for security and auditing. SIEM technology combines log data, security alerts, and events into a single platform for real-time security monitoring analysis. SIEM is becoming a mainstream security technique because of the recent increase in cyber-attacks, as well as the tighter security requirements that enterprises are forced to follow.

As noted above, SIEM is a security solution that helps enterprises identify potential security threats and vulnerabilities before they disrupt business operations. It detects anomalous user behavior and uses artificial intelligence to automate many of the manual processes associated with threat detection and incident response, and it has become a standard in today’s Security Operation Centers (SOCs) for security and compliance management use cases.

SIEM has evolved over time to become more than the log management systems that came before it, according to InfosecurityOutlook. Thanks to AI and machine learning, SIEM now enables advanced user and entity behavior analytics (UEBA). It is a powerful data orchestration solution for dealing with constantly changing risks, as well as regulatory compliance and reporting.

SIEM software gathers log and event data from applications, devices, networks, infrastructure, and systems, analyzes it, and provides a comprehensive view of an organization’s information technology (IT) environment.

The following are some of the key components of a SIEM solution:

Open and scalable architecture: Ability to consolidate data from multiple systems, including on-premises, cloud, and mobile, into a single entity.

Real-time visualization tools: Tools that assist security teams in visualizing linked security events to appropriately depict threat incidents.

Big data storage: Capability to collect and manage massive, complex data sets for indexing and for structured and unstructured search.

User and entity behavior analytics (UEBA): A solution for tracking behavioral changes in user data and detecting anomalies when patterns deviate from “normal.”

SOAR (security orchestration, automation, and response): Technology that automates routine, manual analyst operations throughout the incident response workflow to boost operational efficiency.

These solutions can be installed on-premises or in the cloud. SIEM applies rules and statistical correlations to all data in real time to produce actionable information during forensic investigations. It evaluates all data, categorizing threat behavior by risk level to help security teams promptly identify malicious actors and mitigate cyber-attacks.

SIEM is being implemented by organisations to protect their environments and to comply with an increasing number of compliance requirements. Once a company has accepted the need for SIEM, the next logical step is to design the technical implementation.

LTI Partners with Securonix & Snowflake to Strengthen Cybersecurity Offerings

Larsen & Toubro Infotech, an international technology consulting and digital solutions firm, has partnered with Securonix, a leader in next-gen Security Information and Event Management (SIEM), and Snowflake, a leader in secure cloud computing.

Through the partnership, LTI’s Active eXtended Detection & Response platform (Active XDR) will be used to detect internal and external risks early, contextualise and defeat threats with enhanced intelligence-led hunting operations, and automate and shorten incident response. LTI Active XDR secures billions of critical alerts and records by storing them in a safe data lake.

“Guarding against cyber threats has become a top priority for every enterprise. LTI Active XDR, backed by the latest technologies from Securonix and Snowflake will strengthen our ability to combat ever-growing threats, responding to increasing ransomware attacks and phishing campaigns on critical infrastructure, large enterprises, and federal sector,” said Sanjay Jalona, CEO & Managing Director, LTI.

“‘Bring your own Snowflake’ is an ideal managed service program, significantly reducing the costs and complexity of scaling advanced threat detection and response services across multiple customer environments. We look forward to bringing additional solutions to market with LTI that more effectively secure today’s cloud and complex enterprise environment,” said Sachin Nayyar, CEO, Securonix.

“Chief Information Security Officers (CISO) are looking for alignment with the CIO to gain richer insights, improve scalability and drive savings. LTI is a strategic partner for Snowflake that has been recognized for its innovation and ability to help customers migrate from legacy solutions. We look forward to extending our partnership into cybersecurity together with industry-leader Securonix and its cloud-native ‘Bring your own Snowflake’ SIEM solution,” Said Christian Kleinerman, SVP of Product at Snowflake.

LTI’s cybersecurity strategy is built on assuring business continuity, brand equity, and managing external compliance. LTI is addressing the need of the hour by scaling its advanced cyber security managed services to its enterprise customers around the world, equipped with state-of-the-art Cyber Defence Resiliency Centres (CDRCs), a centre of excellence (CoE) for cyber security.

Keeper Secrets Manager, the First Zero-Trust, Zero-Knowledge and Cloud-Native Solution for Securing Infrastructure Secrets

Keeper Security, a global leading provider of zero-trust and zero-knowledge cybersecurity software that includes password management, dark web monitoring, digital file storage, and messaging, has launched Keeper Secrets Manager, a new cloud-based, zero-knowledge solution for securing infrastructure secrets such as API keys, certificates, database passwords, access keys, and other types of private information.

“Over 80% of successful data breaches involve compromised credentials, and to a cybercriminal, the most desirable credentials are the ones with full access to an organization’s most sensitive data. Yet these highly sensitive and privileged credentials are almost always hardcoded into source code, CI/CD systems or config files. Keeper Secrets Manager enables organizations to protect these ‘hidden’ credentials across all of its infrastructure,” says Darren Guccione, CEO and Co-founder of Keeper Security.

Keeper Secrets Manager is a completely managed and cloud-based security solution that leverages an innovative patent-pending security architecture. Keeper’s top-rated enterprise password management (EPM) technology uses the same zero-knowledge security methodology. Keeper Secrets Manager seamlessly integrates into nearly any data environment without requiring additional hardware or cloud-hosted infrastructure, whereas competing secrets management solutions require customers to buy special hardware, install a proxy service, or use a specific cloud services provider. It integrates with a range of DevOps tools out of the box, including GitHub Actions, Kubernetes, Ansible, and others.

“Fast and seamless integration into organizations’ existing tech stacks is where Keeper Secrets Manager shines. Organizations can get Keeper Secrets Manager up and running in about 20 minutes, which is less than the time it would take just to download competing solutions’ appliances. Keeper Secrets Manager is an elegant and secure solution for managing infrastructure secrets, without any added complexity, maintenance or security issues,” notes Craig Lurey, CTO and Co-founder of Keeper Security.

Keeper Secrets Manager is a logical complement to Keeper Enterprise Password Management (EPM). Keeper’s Advanced Reporting and Alerts Module (ARAM), BreachWatch, Webhooks, SIEM connectivity, and compliance tools are all integrated within the Keeper Web Vault, Desktop App, and Admin Console.

Microland And Securonix Formed Partnership To Deliver State-Of-The-Art Managed SOC Solutions

Microland, a worldwide leading firm in digital transformation services, announced a strategic partnership with Securonix, a provider of Next-Gen SIEM platforms to enhance its managed Security Operations Center offering. The collaboration would enable businesses to gain from advanced artificial intelligence-based solutions to detect and eliminate threats in a world where data theft is on the rise and data protection is becoming increasingly difficult due to a highly complex security landscape.

“Microland advocates a Cyber Resiliency First approach to defend enterprise critical assets and a strategic partnership with Securonix, a Gartner Magic Quadrant leader, is a significant milestone. It reiterates our commitment to providing a Modern Managed SOC with behavior analytics, powered by the elastic Securonix cloud, with ADR – true open XDR Architecture,” said Robert Wysocki, SVP & Global Client Solutions Leader, Cybersecurity, Microland.

Microland provides a 24 x 7 SOC-as-a-Service solution that tracks and records the organization’s expanding digital footprint, contextualises the value of data assets, inspects the IT estate for cyber threats, and protects it by taking real-time necessary actions. Microland would enhance its cyber security services by adding functionality to trace advanced threats and provide artificial intelligence-based security incident response, leveraging Securonix capabilities in UEBA, online monitoring, and log management.

“We are thrilled to be working with Microland to help customers thwart the advanced attacks that modern organizations experience daily. Our modern, proactive approach to enterprise defense, coupled with Microland’s global presence, is sure to deliver unmatched value to organizations looking for a managed SOC offering. The early traction we have experienced together has been incredible, and we look forward to building on that momentum throughout the balance of the year and beyond,” said David Wagner, Vice President, Global MSSPs & Systems Integrators, Securonix.

SnapAttack Raised $8M Funding To Strengthen Collaboration Among The Next Generation Of Threat Hunters

SnapAttack announced an $8 million fundraising round led by Volition Capital. SnapAttack recently announced a spinoff from Booz Allen Hamilton, and the funding was completed in conjunction with that announcement. Strategic Cyber Ventures (SCV) and Booz Allen Hamilton, which is maintaining its investment in the newly independent business, are among the investors in the round.

“Platforms that empower threat hunters and lead the cybersecurity industry to be more proactive will help turn the tide against the onslaught of attacks we’re seeing across the Federal government and commercial sectors. We believe SnapAttack can help lead the change from reactive to proactive,” said Roger Hurwitz of Volition Capital.

SnapAttack presently contains the world’s most comprehensive collection of labelled cyberattacks, allowing security companies to apply high-quality, validated analytics based on real hacker tradecraft. The platform’s user community is constantly improving and adding to analytic content, which can be confirmed, deployed, distributed, and shared right away.

SnapAttack is unlike anything else on the market since it combines offensive (red teaming) and defensive (blue teaming) tradecraft to find security flaws and strengthen advanced behavioural detections. The platform integrates SIEM, EDR/XDR, and cloud technologies and is vendor agnostic.

In today’s world, most businesses are constantly responding to incidents. SnapAttack is a proactive solution that consists of a security platform that focuses on attack emulation, detection-as-code, and the ongoing development and validation of sophisticated behavioural analytics. Organizations can use SnapAttack to give high-quality detection logic to their technology stacks, preventing assaults before they start.

“SnapAttack is poised to empower a new level of collaboration among the next generation of ethical hackers, threat hunters and security researchers providing advanced insights to stop attackers in their tracks,” said Fred Frey, CTO and founding member of the SnapAttack team.

The funding will be used to speed up platform development, allowing the company to better integrate security operations processes, manage the complete lifecycle of detection analytics, and improve reporting.

It also intends to integrate more threat intelligence and analytic content kinds into the platform in order to develop the most powerful and complete detections with the least amount of human input. To increase product adoption and build their customer base across Federal and Commercial markets, key team growth will be focused on product, engineering, and sales.

Huntsman Security Introduced SmartCheck for Ransomware

Huntsman Security introduced a new solution, SmartCheck for Ransomware, an automated, on-demand diagnostic application developed to analyse the risk of a ransomware outbreak. The application captures data directly from security activities in order to report on an organization’s security posture against a set of security measures. These measures are similar to those recently recommended by the UK National Cyber Security Centre (NCSC) and the US National Institute of Standards and Technology (NIST), and will provide users with assurance that they are adhering to known cyber security best practice.

SmartCheck for Ransomware tests an organization’s ransomware readiness quickly and effectively, providing a numeric score for each of the 12 security controls. As a result, companies can find out their risk exposure and modify any security policies that are needed to enhance their security posture and ransomware preparation. At the same time, the verifiable report gives higher security trust levels to third parties, such as insurers or potential partners, at a time when supply chain security is a big issue.

“To protect against ransomware and effectively manage their security risks, it is vital that senior executives have clear visibility of their cyber posture. This goes beyond annual audits to having the relevant information available whenever the organisation needs it – whether to modify security settings to improve readiness; or to verify their posture to partners or insurers. By making assessments automated and in line with established best practice, we have given organisations access to reliable security information that they can use with confidence to improve their risk management processes,” said Peter Woollacott, CEO, Huntsman Security.

SmartCheck for Ransomware is developed with much the same precision and reliability as Huntsman Security’s other defence-grade SIEM and Scorecard products, and is meant to be simple to install and use. It assesses the effectiveness of important cyber-attack prevention, containment, and restoration mitigation tactics across the course of a cyber-attack.

“As the threat of ransomware grows everywhere, organisations need to regularly assess their state of readiness. With insurers such as AIG tightening terms and raising premiums in response to the ransomware threat, organisations that can’t demonstrate adequate security precautions will find insurance terms increasingly difficult to negotiate. At the same time, organisations need to take steps to ensure that ransomware will not disrupt their operations or those of their supply chains – making assessing partners’ security posture just as important as assessing their own. Updating ransomware risk management efforts to include SmartCheck for Ransomware to better address their ever changing risk environment will put organisations in a much better position to combat the threat of ransomware,” said Woollacott.

Opsview Introduces Two New Products – Opsview Log Analytics and Network Topology

Opsview, a firm that delivers a broader view into dynamic IT operations, has released two new products: Opsview Log Analytics and Network Topology.

Opsview Log Analytics connects with Opsview Monitor and Opsview Cloud to assist IT Operations teams in identifying the root causes of warnings and predicting security problems before they cause business disruption. These critical log events are directly correlated with metrics in Opsview’s IT infrastructure monitoring solution, resulting in a single pane of glass view with detailed insights that show employees why issues come up.

“Opsview Log Analytics automates the manual processes of log management. Combined with Opsview Monitor and Opsview Cloud, it provides a faster time to resolution for IT Operations teams. With SIEM functionality, Opsview Log Analytics correlates events and identifies security incidents such as brute force attacks or DDoS,” said Mike Walton, CEO of Opsview.

With the inclusion of Network Topology to the Opsview Network Analyzer module, IT Operations teams can collaborate with their networking teams to create a unified view of an organization’s IT estate. Network Topology automates network discovery, lowers the security risk of unidentified hosts in the environment, and detects network misconfigurations.

“With Opsview’s Network Topology providing overlays with real-time status information, this will provide valuable time savings to IT teams as well as reducing potential security risks. The risk of the unknown is drastically reduced with Network Topology,” said Scott Heyhoe, VP Products at Opsview.

Cohere Cyber Secure and SecurityScorecard formed Partnership to Enhance Cybersecurity of Financial Sector

Cohere Cyber Secure announced a partnership with SecurityScorecard, the worldwide market leader in cyber security ratings, to provide cyber ratings for clients and cooperatively push market penetration with a single integrated solution. These clients include the most recognised financial firms worldwide, including different groups of registered investment advisors, private equity, portfolio managers, hedge funds, and LBO funds. As part of this partnership, Cohere will include the monitoring capabilities of SecurityScorecard in its security operations, using Cohere’s SIEM technology to constantly monitor and mitigate possible cyber threats, both on-premises and in the cloud.

“Financial organizations are the biggest target for cyber criminals, and security teams need a comprehensive and compliant cybersecurity strategy that provides in-depth intelligence,” says Aleksandr Yampolskiy, CEO at SecurityScorecard. “This partnership provides real actionable insights into the real-time threats facing financial organizations, and ensures that they will maintain the strongest possible security posture and conform to industry compliance standards.”

The combined Cohere solution offers a 360-degree view and addresses essential security issues including risk and vulnerability assessment, threat detection, real-time monitoring, incident response and regulatory reporting. Partnership clients can check their SecurityScorecard rating and extend that support to their portfolio and selling companies. This complete solution provides ongoing monitoring to ensure that organisations are able to maintain the safest financial services for their customers. As a tightly interconnected solution, it also lets customers generate complete monthly or on-demand cyber health reports for governance committees and regulators.

“Security organizations are often hamstrung by only looking within their cyber borders with an inside-out view into their vulnerabilities, and often have to break up monitoring tools with multiple outside vendors,” says Steven Francesco, Chairman and CEO at Cohere Cyber Secure. “Investors, customers, regulators, CISOs and compliance officers can rest easier knowing our solution keeps your company safe and secure.”