About Us

SECURITY ANALYTICS


Security analytics is an approach to threat detection and security monitoring that relies on data collection, aggregation, and analysis technologies. Security analytics tools let organizations evaluate security events in order to discover possible attacks before they have a detrimental impact on the company’s infrastructure and bottom line.

Security analytics combines big data capabilities with threat intelligence to detect, evaluate, and mitigate internal risks as well as persistent cyberthreats and targeted attacks from external bad actors.

Cybersecurity analytics matters because it allows IT and security teams to take control of cybersecurity monitoring. Security analytics can give your organization insight across its entire IT ecosystem, enabling faster threat detection and the automation of otherwise manual security activities.

The Role of Security Analytics

Security analytics is a developing field with a lot of potential for enterprises that want to remain on top of vulnerabilities and stay one step ahead of cybercriminals.

A number of factors are driving the expansion of security analytics, including:

Transitioning from protection to detection: Attackers use a variety of strategies to exploit numerous vulnerabilities, and some threats can go undiscovered for months. Security analytics systems monitor common threat patterns and send notifications when anomalies are identified.

A unified perspective of the enterprise: Security analytics organizes data so that it can be viewed both in real time and historically. Providing a unified view of risks and security breaches from a central console enables smarter planning, faster resolution, and better decision-making.

Seeing outcomes and getting a return on investment: IT teams are under increasing pressure to convey their findings to senior management and stakeholders. Security analytics enables analysts to quickly identify risks and respond to security breaches by providing time-to-resolution metrics and fewer false positives.


BENEFITS OF SECURITY ANALYTICS

Organizations benefit from security analytics technologies in numerous ways:

1. Early detection and response to security incidents. To detect threats or security issues in real time, security analytics solutions analyze data from a variety of sources, connecting the dots between separate events and alerts. The software does this by analyzing log data, combining it with data from other sources, and identifying correlations between events.

2. Adherence to regulatory standards. Compliance with government and industry regulations is a primary motivation for adopting security analytics technologies. Security analytics tools integrate a wide range of data types to give companies a single, unified view of all data events across devices, as required by regulations such as HIPAA and PCI DSS.

3. Improved forensics capabilities. Security analytics technologies are extremely useful for forensic investigation of incidents. They can reveal the source of an attack, how a compromise occurred, what resources were affected, what data was lost, and more, along with a timeline of the incident. Being able to reconstruct and analyze an incident helps inform and strengthen organizational defenses so that similar incidents do not recur.

USES OF SECURITY ANALYTICS

From boosting data visibility and threat detection to network traffic analysis and user behavior tracking, security analytics offers a wide range of applications. The following are some of the most common security analytics use cases:

  • Employee monitoring
  • Detecting data exfiltration by attackers
  • Detecting insider threats
  • Identifying compromised accounts

Above all, by correlating events and alerts, security analytics aims to turn raw data from various sources into actionable insights that identify situations requiring prompt attention. Security analytics technologies do this by applying a critical filter to the massive amounts of data produced by people, applications, networks, and other security solutions.
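The cross-source correlation described above (a login anomaly from the authentication log confirmed by outbound volume from the proxy log, covering the "compromised accounts" and "data exfiltration" use cases) can be sketched in a few dozen lines. This is an added illustration, not code from any product named on this page; the log format, thresholds and sample events are all constructed for the example.

```python
"""Minimal two-source event correlation in the spirit of a security analytics
engine: an authentication log supplies the login anomaly, a proxy log supplies
the corroborating outbound transfer. All data below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. Format: <ISO timestamp> <source> key=value ...
AUTH_LOG = """\
2021-09-01T08:00:01 auth user=alice src=10.0.1.5 result=FAIL
2021-09-01T08:00:04 auth user=alice src=10.0.1.5 result=OK
2021-09-01T09:12:10 auth user=bob src=203.0.113.9 result=FAIL
2021-09-01T09:12:14 auth user=bob src=203.0.113.9 result=FAIL
2021-09-01T09:12:19 auth user=bob src=203.0.113.9 result=FAIL
2021-09-01T09:12:23 auth user=bob src=203.0.113.9 result=FAIL
2021-09-01T09:12:30 auth user=bob src=203.0.113.9 result=OK
2021-09-01T11:30:00 auth user=dave src=10.0.1.9 result=FAIL
2021-09-01T11:30:05 auth user=dave src=10.0.1.9 result=FAIL
2021-09-01T11:30:09 auth user=dave src=10.0.1.9 result=FAIL
2021-09-01T11:30:15 auth user=dave src=10.0.1.9 result=OK
"""
PROXY_LOG = """\
2021-09-01T08:05:00 proxy user=alice dst=intranet.example bytes_out=20480
2021-09-01T09:20:00 proxy user=bob dst=files.example.net bytes_out=734003200
2021-09-01T10:00:00 proxy user=carol dst=backup.example.net bytes_out=2147483648
"""
# Assumed baseline: IP addresses each user normally logs in from.
KNOWN_IPS = {"alice": {"10.0.1.5"}, "bob": {"10.0.1.7"}, "dave": {"10.0.1.9"}}

FAIL_THRESHOLD = 3                    # failures before a success is suspicious
AUTH_WINDOW = timedelta(minutes=10)   # failures must cluster within this span
EXFIL_WINDOW = timedelta(hours=1)     # look for outbound volume after login
EXFIL_BYTES = 100 * 1024 * 1024       # 100 MiB outbound within the window


def parse_line(line):
    """Turn one 'ts source k=v k=v' line into a dict with a datetime ts."""
    ts, source, *kvs = line.split()
    event = {"ts": datetime.fromisoformat(ts), "source": source}
    for kv in kvs:
        key, value = kv.split("=", 1)
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_suspicious_logins(auth_events, known_ips):
    """A success preceded by >= FAIL_THRESHOLD failures within AUTH_WINDOW,
    coming from an IP the user has not used before, is flagged. The known-IP
    check is what keeps an admin fumbling a password from raising an alert."""
    by_user = defaultdict(list)
    for ev in sorted(auth_events, key=lambda e: e["ts"]):
        by_user[ev["user"]].append(ev)
    hits = []
    for user, events in by_user.items():
        recent_fails = []
        for ev in events:
            # Keep only failures still inside the window relative to this event.
            recent_fails = [f for f in recent_fails if ev["ts"] - f["ts"] <= AUTH_WINDOW]
            if ev["result"] == "FAIL":
                recent_fails.append(ev)
            elif ev["result"] == "OK":
                if len(recent_fails) >= FAIL_THRESHOLD and ev["src"] not in known_ips.get(user, set()):
                    hits.append({"user": user, "ts": ev["ts"], "src": ev["src"],
                                 "failures": len(recent_fails)})
                recent_fails = []
    return hits


def correlate(auth_events, proxy_events, known_ips):
    """Join each suspicious login with the user's outbound volume in the
    following EXFIL_WINDOW. Volume alone never alerts; volume after an
    anomalous login escalates the finding from medium to high."""
    findings = []
    for hit in find_suspicious_logins(auth_events, known_ips):
        finding = {"user": hit["user"], "severity": "medium", "evidence": [hit["ts"]],
                   "reason": f"{hit['failures']} failed logins then success from unknown IP {hit['src']}"}
        total = 0
        for ev in proxy_events:
            if ev["user"] == hit["user"] and hit["ts"] <= ev["ts"] <= hit["ts"] + EXFIL_WINDOW:
                total += int(ev["bytes_out"])
                finding["evidence"].append(ev["ts"])
        if total >= EXFIL_BYTES:
            finding["severity"] = "high"
            finding["reason"] += f"; {total} bytes sent outbound within the following hour"
        findings.append(finding)
    return findings


def run():
    return correlate(parse_log(AUTH_LOG), parse_log(PROXY_LOG), KNOWN_IPS)


if __name__ == "__main__":
    for finding in run():
        print(finding["severity"], finding["user"], finding["reason"])
```

Only bob produces a finding: alice's single failure and dave's failures from his usual address are filtered out, and carol's large transfer has no corroborating login anomaly.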

SilverSky Acquired Cygilant, Expanding its UK Presence and Adding Renowned Data Research Talent

SilverSky, a cybersecurity service provider that offers professional managed detection and response (MDR) services, announced that it has completed its acquisition of Cygilant, based in Burlington, Massachusetts.

ITOCHU International, Inc., the North American flagship company of Tokyo-based ITOCHU Corporation, made a strategic investment of $31.5 million in SilverSky in October 2021, according to SilverSky. In August 2021, SilverSky announced the completion of its acquisition of New Jersey-based Advanced Computer Solutions Group, LLC (ACSG), which gave the firm a major client base in the US education sector and was the first in a series of planned acquisitions.

Cygilant, a major cybersecurity-as-a-service company, has a security operations centre (SOC) in Belfast, Northern Ireland, and employs some of the world’s top Ph.D.-level cybersecurity, advanced networking, and data science talent. The acquisition of Cygilant’s UK-based delivery centre expands SilverSky’s access to European markets while complementing the company’s current footprint in Asia and North America.

“Alongside our recent growth-related announcements, this acquisition of Cygilant, a cybersecurity-as-a-service and threat-intelligence powerhouse, helps to further galvanize our efforts to globally expand the SilverSky presence as well as retain and nurture some of the industry’s best cybersecurity and data science talent. Cygilant shares our commitment to rich-service offerings that are unmatched in the industry. We’re pleased to welcome the Cygilant team and their customers,” said Richard Dobrow, CEO at SilverSky.

“We are excited to join SilverSky. This represents a significant next chapter of the Cygilant journey, as our innovative SOC capabilities and deep bench of cybersecurity expertise are combined with one of the industry’s most comprehensive MDR offerings. The outcome for our customers will be access to the collective set of broader managed services that will continue to enrich their cyber protections and strengthen their security posture,” said Rob Scott, CEO and President at Cygilant, who will be joining SilverSky as its Chief Strategy Officer.

Cybereason and CYDERES Form Partnership to Bring Managed Detection and Response to Market

Cybereason, the industry leader in operation-centric attack management, and CYDERES, Fishtech Group’s security-as-a-service business and a Top 25 MSSP, have entered a strategic agreement to provide enhanced security detection and incident response to current and future managed security clients.

The Cybereason Defender’s League, a worldwide partner community newly introduced by Cybereason, is designed to reward partners such as CYDERES by enhancing their margins and profitability. CYDERES will be a strategic MDR vendor for Cybereason, helping to reverse the adversary advantage across the cybersecurity risk landscape.

“Combining Cybereason’s award-winning Cybereason Platform with the CYDERES MDR solution will help return defenders to higher ground above threat actors,” said Lior Div, CEO and Co-founder, Cybereason. “Cyber attacks on endpoints can be stopped and it is our mission to work closely with CYDERES to make cybercrime and espionage unprofitable.”

The Cybereason Defense Platform, which integrates endpoint detection and response with next-generation anti-virus and a proactive threat hunting platform to reduce cyber risk, will be available to CYDERES and Cybereason’s joint clients immediately. End users will be better prepared to cope with around-the-clock cyber threats.

“We believe our customers’ core success is found in automating and operationalizing their security programs cost effectively at scale. We’re excited to bring our portfolio to Cybereason’s Defenders League as we work together to help organizations manage risk, detect threats, and respond to security incidents in real time,” said Gary Fish, CEO and founder of Fishtech Group.

CYDERES has sustained the momentum it has built since its inception by forming strategic alliances and adding new features and services to deliver a strong 24/7 Security-as-a-Service offering for any computing environment.

Rapid7 acquired Threat Intelligence specialist IntSights

Rapid7, a leading security analytics and automation company, announced the acquisition of IntSights Cyber Intelligence Ltd., a leader in contextualized external threat intelligence and proactive threat remediation. Rapid7 will pay around $335 million in cash and stock for IntSights.

Following the acquisition, Rapid7 will merge its community-infused threat intelligence and deep understanding of customer environments with IntSights’ external threat intelligence capabilities. The combination is aimed at giving clients a unified view of threats, relevant insights, attack surface monitoring and proactive threat mitigation for businesses of any size or security maturity level. The purchase enhances Rapid7’s cloud-native extended detection and response (XDR) service, InsightIDR, enabling high-fidelity alerts for efficient security operations, early threat identification, and faster response times.

IntSights enables enterprises to get the full benefit of a threat intelligence program, regardless of its scale or sophistication, while also reducing the burden on security professionals. Unlike many other threat intelligence systems on the market today, IntSights helps security operations teams achieve the productivity and outcomes they need by providing continuous coverage of external threats, from detection to mitigation to remediation.

Rapid7’s Insight Platform is among the most comprehensive security operations platforms available today, with leading capabilities in detection and response, vulnerability management, cloud security, application security, and security orchestration and automation. In addition to improving its XDR service and providing a standalone threat intelligence offering, the business plans to integrate IntSights’ external threat intelligence capabilities into its platform to enable faster threat detection and remediation across the organization’s complete solution offering. Foros acted as financial advisor to Rapid7.

“Cyber security is a lopsided battle today and the odds consistently favor attackers. Both IntSights and Rapid7 have a shared belief that organizations will succeed only when they have a unified view of internal and external threats, complete with contextualized intelligence and automated threat mitigation which will allow security teams to focus on the most critical threats. We look forward to working with IntSights to make this vision a reality for our customers,” said Corey Thomas, chairman and CEO, Rapid7.

“There’s no shortage of threat intelligence information available today, but much of it lacks context, creating too much alert noise and additional work for already overburdened security teams. By integrating IntSights’ external threat intelligence capabilities into Rapid7’s XDR solution, InsightIDR, we expect to provide security teams with expanded visibility and detections of internal and external threats across their traditional and modern environments—enabling them to quickly pivot into investigations, threat hunting and containment automation all within a unified experience,” said Richard Perkett, senior vice president of detection and response at Rapid7.

“We founded IntSights to make threat intelligence instantly accessible and actionable for organizations of any type or size. We are excited to join Rapid7 to continue this mission and to bring our threat intelligence capabilities to even more customers,” said Guy Nizan, co-founder and CEO at IntSights.

“With today’s sprawling attack surface and the sophistication level of threat actors, I can’t overstate the importance of a solid threat intelligence program. Threats can come from anywhere, which is why having visibility into your internal and external threat landscape is imperative. With the acquisition of IntSights, Rapid7 is well positioned to bridge the threat intelligence gap, giving customers the ability to identify real threats earlier and accelerate response and automate remediation,” commented Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG).

1Password Launches Events API To Provide Real-time Data Streaming To Third-party Platforms

1Password, the industry leader in enterprise password management, announced the release of Events API, a new way for security teams to gain more data visibility and actionable insights. While events have always been available to administrators in 1Password, this new feature extends the information available by allowing events to be piped directly to tools such as Splunk and other SIEM platforms, providing a holistic view that can be correlated with data from other sources.

In commercial contexts, the number of attacks and breaches has never been higher. While recent news cycles have focused on the most serious incidents, smaller but harmful attacks occur daily, if not more frequently. Losses from cybercrime had increased sixfold by 2020. Nearly half of the organizations in the United Kingdom have experienced some type of cybersecurity attack, with the average cost of a data breach approaching $4 million.

According to 1Password’s own research, 77 percent of DevOps and IT experts admitted to still having access to prior employers’ infrastructure, posing a significant security risk to affected firms.

1Password is the first line of defence for over 80,000 businesses globally, securing passwords, confidential documents, and infrastructure secrets to protect their employees, customers and intellectual property. This announcement is another step in solidifying the company’s position as a reliable enterprise solution for safeguarding mission-critical data. The 1Password Events API extends beyond the platform, allowing event data to leave it while maintaining customer privacy and data security.

Jeff Shiner, CEO of 1Password said, “With today’s launch of the 1Password Events API, our enterprise customers are able to access far deeper information than ever before, and most importantly, that information can now be used in an actionable way through the SIEM tools already in place. This will enable administrators to prevent future attacks, and if something does happen, take fast and decisive action. We’ve managed to do all this while protecting the privacy and security of our customers.”

Brian Jack, CISO at KnowBe4 said, “We’ve been using 1Password for over 4 years and it’s been a huge asset in securing our employee passwords and other sensitive information. With over 1000 employees, understanding who is accessing and using data within 1Password is very important to us. Events API has allowed us to integrate with our SIEM and use that data to highlight suspicious activity that will help us protect against future threats, as well as enabling us to quickly react to any active insider attack, should it ever happen.”

ThreatWarrior Announces $10 Million Series A Funding Led by Ecliptic Capital, CrowdStrike Falcon Fund, and Alumni Ventures Group

ThreatWarrior, a specialist in cloud-native network threat intelligence, announced the completion of a $10 million Series A funding round led by Ecliptic Capital. CrowdStrike Falcon Fund and Alumni Ventures Group were among the investors in the oversubscribed round. The new funding will be used to help the organization accelerate its growth, support product development, and enhance its go-to-market strategy.

ThreatWarrior’s threat intelligence platform helps security analysts intelligently prioritize and triage alerts and delivers detailed, actionable information throughout the company, substantially reducing false positives and alert fatigue. The AI-powered solution lets clients see everything that is going on across their organization while also improving threat analysis, investigation, and response to all threat activity.

“The fundamental shift toward cloud computing and hybrid deployment models has exposed companies across all industries to increasingly sophisticated cyberattacks. Our platform provides the real-time intelligence and predictive analysis organizations need to stay ahead of bad actors, wherever they strike. When attacks do surface, ThreatWarrior cuts through the noise and helps security teams focus on actual threats – not false alarms. That’s the way cybersecurity should be,” said Bruce Coughlin, CEO at ThreatWarrior.

“ThreatWarrior is helping solve a critical problem in the cybersecurity industry — a lack of contextual intelligence and visibility across the enterprise, including public cloud environments. ThreatWarrior aggregates intelligence, analyzes behavior and correlates context on-premises and in the cloud to identify attacks wherever they occur. CrowdStrike is proud to support continued innovation in the cybersecurity industry by participating in ThreatWarrior’s Series A,” said Michael Sentonas, Chief Technology Officer at CrowdStrike.

“We are proud to be long-term partners for the companies we invest in, and we are thrilled to lead the Series A for ThreatWarrior. ThreatWarrior has built a stellar leadership team with deep experience in delivering best-in-class products and services. Their platform provides contextualized alerting that eliminates the noise allowing the security team to prioritize response to the alerts that matter. Its network behavioral analysis is addressing head-on the critical market need and its category-creating Supply Chain Threat Detection offering couldn’t be more timely,” said Adam Lipman, Co-founder and Managing Partner at Ecliptic Capital.

Cybereason Raises $275 Million in Crossover Financing to Expand Its XDR Leadership Globally

Cybereason, the specialist in operation-centric cyber attack protection, announced that it has raised $275 million in financing led by Liberty Strategic Capital, with contributions from Irving Investors, certain Neuberger Berman Investment Advisers LLC funds, and Softbank Vision Fund 2. The company’s position as a leading innovator in XDR, EDR, EPP, and anti-ransomware solutions is validated by this latest round of funding. The funds will be used to support Cybereason’s hypergrowth, which has been driven by strong market demand for its AI-powered Cybereason Defense Platform. Softbank Group, CRV, Spark Capital, and Lockheed Martin previously invested $389 million in the company.

Unlike typical alert-centric models, the Cybereason Defense Platform is operation-centric, exposing and terminating complete malicious operations (MalOps). A MalOp discovered by Cybereason isn’t just another warning; it’s a fully contextualized view of every component of a cyberattack as it progresses across an organization. Because today’s experienced cybercriminals construct cyberattack operations rather than single-target attacks, the ability to detect MalOps is critical to successfully combating current cyber threats, particularly advanced ransomware. The attacker’s goal is to spread malware across the entire organization, and they are well organized and well funded.

“Cybereason is fast becoming the global leader in cyber defense technology, and we could not be more pleased to make this extraordinary innovator the first addition to Liberty Strategic Capital’s portfolio. Cybereason has established itself as a visionary in prevention, detection and response, and Liberty Strategic Capital is excited to partner with the Cybereason team in their cutting-edge work to defend critical information networks, businesses, and governments around the world against the growing danger of cyber attacks. We are confident in Cybereason’s ability to deliver a superior product to customers and provide best-in-class critical infrastructure defense,” said Secretary Mnuchin, Founder and Managing Partner of Liberty Strategic Capital.

“Over the past year, we’ve experienced hypergrowth across the globe as defenders recognize that ending advanced attacks isn’t possible using solutions that rely on meaningless alerts and human intervention. Existing – even ‘next-gen’ – solutions are fundamentally flawed, creating the dynamic we have today where the defender is constantly struggling to keep pace with attackers. Unlike our prolific alert-generating competitors, Cybereason takes an approach that enables defenders to end malicious operations instantly, resulting in the most comprehensive prevention, detection and response solution on the market. This is how we are returning the high ground to the defenders – and we are just getting started,” said Lior Div, CEO and co-founder of Cybereason.

ColorTokens Launches Xaccess, Enhancing its Xtended ZeroTrust™ SaaS Platform for Zero Trust Access

ColorTokens, a Zero Trust cybersecurity platform company, introduced Xaccess, a new SaaS module within its Xtended ZeroTrust™ Platform that enables clients to provide secure Zero Trust access for remote staff, third parties, or contractors connecting to cloud- or data center-based applications and data. Combined with the broader capabilities of the Xtended ZeroTrust™ Platform, Xaccess also gives clients a single integrated solution for numerous user access requirements across cloud and hybrid applications and data repositories.

“Providing the right level of access is a common problem that many enterprises face, irrespective of whether they are dealing with different users accessing cloud workloads or providing controlled access to a legacy application in their data center or setting up access policies for their data fabric architecture. Xaccess not only allows our customers to define intelligent, user identity-based access, but also handle more common and complex use cases such as enabling remote IT admins with deeper access specifications or session-based access needed for multi-user terminals. Customers can also avail themselves of our broader platform capabilities to define restricted levels of access for specific crown jewel applications or sensitive company data stores or enforce process-level controls at less-trusted accessing devices, making Xaccess one of the most advanced access products available to customers in the market today,” said Vats Srivatsan, President and Chief Operating Officer at ColorTokens.

Satyam Tyagi, Senior Director of Product Management at ColorTokens said, “Xaccess is a true Zero Trust-based solution that brings a rich context of threats, reputation feeds, and vulnerabilities into the access decision. Its ML-based access engine dynamically autogenerates access policies based on risk, usage, and disruption metrics. We further have the capability to isolate breaches at workloads or endpoints/users and thus limit the blast radius in our extended platform.”

“We chose ColorTokens over other offerings in the market to benefit from their single-platform approach to implementing Zero Trust workload segmentation and Zero Trust access. ColorTokens secured our full computing infrastructure, spanning our users, devices, apps, and workloads. With one console, we gained broad and deep visibility of our access, full context awareness, and the ability to tie user access to specific application segments. This would have been nearly impossible to achieve with a VPN or single tool for each environment approach,” said Martin Cherry, Managing Director at Banntech, a U.K.-based managed services provider.

“As companies re-evaluate security, in light of digital transformation and recent attacks, the appeal of Zero Trust has grown tremendously. At the same time, the practical considerations and challenges of operationalizing Zero Trust have become increasingly apparent. IDC believes that a cloud-delivered, infrastructure-agnostic platform design used by ColorTokens provides a worthy blueprint for accelerated implementation for organizations in their Zero Trust journey,” added Michael Suby, Research Vice President of Security and Trust at IDC.

Sophos extends Linux cybersecurity ecosystem with Capsule8 acquisition

Capsule8, a pioneer and market leader in runtime visibility, detection, and response for Linux production servers and containers across on-premise and cloud workloads, has been acquired by Sophos, a global leader in next-generation cybersecurity.

“Sophos already protects more than two million servers for over 85,000 customers worldwide, and the Sophos server security business is growing at more than 20% per year. Comprehensive server protection is a crucial component of any effective cybersecurity strategy that organizations of all sizes are increasingly focused on, especially as more workloads move to the cloud. With Capsule8, Sophos is delivering advanced, differentiated solutions to protect server environments, and expanding its position as a leading global cybersecurity provider,” said Dan Schiappa, chief product officer, Sophos.

Capsule8 is focused entirely on Linux security, and it has positioned itself as a technology and thought leader in that market. Linux has surpassed Windows as the most popular operating system for server workloads, thanks to the rapid rise of cloud platforms. Capsule8’s high-performance, low-impact design is well suited to Linux servers, particularly those used for high-scale workloads, production infrastructure, and storing vital corporate data.

“The main idea behind Capsule8 is that providing enterprise-grade security for Linux systems requires deploying components that are designed specifically for that environment. These components are more adept at making the trade-offs between security and performance when needed, to achieve the desired levels of resilience and protection. As organizations move to embrace concepts such as cloud-based delivery and DevOps, the underlying compute environments shift noticeably toward Linux as a frequent execution environment. For security teams, often more familiar with Windows-centric concepts, this represents a potential challenge – there are different demands, concepts and practices for Linux. This is the space that Capsule8 aims to address with its endpoint security offering, combining an architecture optimized for Linux with more features aimed at enterprise security and IT operations teams,” said Fernando Montenegro, principal research analyst with 451 Research, part of S&P Global Market Intelligence, in reference to Capsule8’s solutions.

Sophos has integrated Capsule8 technology into its Adaptive Cybersecurity Ecosystem (ACE), which provides robust, lightweight Linux server and cloud container protection within an open platform. Sophos’ Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services will all use Capsule8 technology. Sophos’ data lake will also be expanded and enhanced, delivering continuous, fresh intelligence for advanced threat hunting, security operations, and customer protection.

“Capsule8 is the premiere purpose-built detection and response platform for Linux. We provide security teams with the crucial visibility they need to protect Linux production infrastructure against unwanted behavior, while at the same time addressing cost, performance and reliability concerns,” said John Viega, CEO, Capsule8. “We’ve innovated new approaches to deliver runtime security in a much safer and more cost-effective way than anyone else in the industry. With Capsule8’s technology, organizations are no longer forced to choose between system stability and security risk. Given the growth and mission-critical nature of Linux environments, and the fast-changing, targeted threat landscape, organizations must be confident that their Linux environments are both performant and secure.”

“Attackers today are incredibly aggressive and nimble as they adapt their TTPs to focus on the easiest, largest or fastest-growing opportunities. As more organizations shift to Linux servers, adversaries have noticed, and they are adapting and customizing their approaches to attack these systems. To stay protected, organizations must factor in a strong, but lightweight layer of Linux security that automatically integrates and shares intelligence with endpoint, network and other security layers and platforms within an estate. We will provide this industry-leading capability and strategically important visibility and detection by combining Capsule8 with our Adaptive Cybersecurity Ecosystem products and services, greatly enhancing the ability to find and eliminate suspicious activity before it becomes malicious,” said Schiappa.

XYPRO and Hewlett Packard Enterprise are expanding their partnership to offer a full suite of security solutions on HPE NonStop systems

XYPRO Technology Corporation (XYPRO), a global leader in cybersecurity, identity management, analytics and secure database management software, announced the expansion of its decades-long cooperation with Hewlett Packard Enterprise (HPE) to offer its full product suite on HPE NonStop systems. HPE NonStop systems, which are designed for mission-critical environments requiring 100 percent fault tolerance, now include expanded XYPRO solutions for improved threat detection and security management.

This expansion is in line with XYPRO’s growth plan and broadens the availability of mission-critical database management, security, and integration solutions into new sectors across HPE’s customer base. XYPRO’s flagship product, XYGATE SecurityOne, a patented security, compliance, and threat detection platform, and XYGATE Identity Connector, the first and only SailPoint and CyberArk integrations for HPE NonStop systems, are among the solutions that help customers protect their mission-critical environments. Customers can now use HPE NonStop systems to meet requirements for securing and monitoring mission-critical investments.

HPE now offers the entire XYPRO cybersecurity product family, including XYGATE SecurityOne (XS1) and Integrations.

“In our history of delivering risk management solutions for HPE NonStop systems customers longer than anyone has, we strive for meaningful and strategic business relationships while providing great support and leading-edge security solutions. Our strong relationship with HPE is why several XYPRO solutions have shipped with the HPE NonStop operating system for more than a decade,” said Lisa Partridge, CEO, XYPRO. “Making the rest of the XYPRO solution suite available through HPE further strengthens security within the HPE NonStop system ecosystem, providing customers security and consistency at significant value.”

“Ensuring reliable cybersecurity and management capabilities is critical for customers running always-on, 100% fault-tolerant environments with sensitive data exchange,” said Jeff Kyle, vice president and general manager, Mission Critical Solutions, HPE. “By building on our long-standing partnership with XYPRO to expand security capabilities with new analytics and automation features on our HPE NonStop systems, we are furthering our ability to deliver trusted platforms for mission-critical needs that are easy to manage while meeting strict data governance requirements.”