451 Research LLC - Experts & Thought Leaders
Latest 451 Research LLC news & announcements
Graylog, a global provider of next-generation log management and SIEM solutions, is announcing Graylog Security, Thursday, October 21st, at their annual user conference, Graylog GO. Designed to overcome legacy Security Information & Event Management (SIEM) challenges, Graylog’s scalable, flexible cybersecurity platform makes security analysts’ jobs easier and faster. With SIEM, Anomaly Detection, and User Entity Behavior Analytics (UEBA) capabilities, Graylog’s security solution will provide security teams with even greater confidence, productivity, and expertise to mitigate risks caused by Insider Threats, credential-based attacks, and other cyber threats.
Log management solutions
“Too often, security analysts struggle with SIEM and log management solutions that are complex, slow, noisy, rigid, unscalable, and expensive,” said Andy Grolnick, CEO of Graylog. “Graylog Security overcomes these long-time challenges and provides the right path for security success.” This is backed up by research showing that many systems continue to go unmonitored and, on average, 37% of security alerts go uninvestigated due to security analysts being overwhelmed (Voice of the Enterprise: Information Security, Vendor Evaluations Advisory Report, published by 451 Research, October 8, 2021). For security professionals who need technology to make their jobs easier, not more complex, Graylog Security provides a superior user experience that adapts to customer environments and grows as the business grows.
Most critical alerts
Graylog Security provides:
90%+ reduction in false-positive security alerts through UEBA/anomaly detection
Over 50 pre-built security scenarios based on MITRE ATT&CK and intelligence community standards plus real-life adversarial examples
Implementation times with a machine learning engine that self-trains with only 7 days of historical data and improves over time without manual tuning
User-friendly investigation capabilities paired with Graylog’s lightning-fast search engine to get to the root cause and eliminate security risks in minutes or hours, not weeks or months
Risk models that identify metrics dynamically, adapting to an organisation and its priorities to ensure the most critical alerts are addressed first
Integration with Security Orchestration, Automation, and Response (SOAR) platforms
Helping security professionals
With its ease of use, speed, and proactive security that scales up and down, and built-in expertise that eliminates the need and cost of hiring a Ph.D. Data Scientist, Graylog Security is the ideal solution for those new to SIEM or those frustrated by their current SIEM offerings. Graylog Security can be purchased directly through Graylog or through the Graylog Partner Network, which is ready to help security professionals worldwide tailor their experience to get the most out of Graylog.
ExtraHop, the provider of cloud-native network detection and response, announces a suite of new features designed to streamline the secure adoption and implementation of IoT in the enterprise. ExtraHop® Reveal(x)™ now provides advanced discovery, classification, and behaviour profiling for enterprise IoT devices, providing visibility from the device to the service layer. These latest enhancements extend Reveal(x) capabilities to the enterprise IoT device edge, providing complete visibility, detection, and response across the attack surface without the need to implement narrow point solutions.
Consistent growth in enterprise IoT usage
IoT reduces operational friction, making businesses more efficient and employees more productive. But this comes at a cost. IoT moves computing power to the edge, vastly expanding the enterprise attack surface, and without visibility into what devices are connecting to the network and what resources they are accessing, it leaves organisations vulnerable to threats. “Our research points to consistent growth in enterprise IoT usage which, along with other enterprise initiatives, has led to a growing attack surface,” said Fernando Montenegro, Principal Analyst, Information Security, 451 Research. “This leads to increased demands from enterprise security teams for visibility into network traffic, analysis for detection of threats, followed by remediation as needed.”
Continuous behavioural monitoring
With the latest release, ExtraHop Reveal(x) now provides the visibility, detection, and investigation capabilities security and IT organisations need to continuously secure and manage expanding IoT deployments.
Continuous Device Discovery and Classification discovers, identifies, and profiles all IoT devices and services to deliver complete visibility without friction to IT and Security Operations teams.
Device Behaviour Profiling extracts rich L2-L7 data from network and cloud traffic, enabling deeper analysis across devices at the service level. When paired with cloud-scale machine learning from ExtraHop, this data is correlated with other network events to rapidly and accurately detect threat patterns for immediate response. This provides organisations with continuous behavioural monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables, and smartboards.
Guided Investigation automatically gathers contextual information, related detections, and packet-level details into a single workflow to streamline and accelerate response actions, enabling security analysts and threat hunters to quickly determine the impact and scope of an IoT event and easily drill into forensic-level details.
IoT Security Hygiene helps security and IT operations teams address issues such as IoT devices and services using unencrypted communications, and when discovered, can automate response actions with other systems like creating a ticket or isolating devices on the network.
Network detection and response solution
“We believe that enterprise IoT is a strong fit for ExtraHop's network detection and response solution. Not only do we discover the presence of IoT devices, identifying make and model, but we also automatically segment into peer groups to detect suspicious behaviours and potential threats,” said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) enables organisations to truly understand the level of risk a device poses and provides situational awareness of the environment.” Enterprise IoT Security features are now globally available with ExtraHop Reveal(x) platform.
The average cost of a malware and web-based attack on a business is US$ 1.4 million (Accenture study), yet even with destructive malware attacks up 200% in 2019, thousands of business websites remain vulnerable to attacks. Sectigo, a globally renowned commercial Certificate Authority (CA), is taking a giant step to help businesses protect themselves from new and emerging web-based threats with the introduction of Sectigo Web Security Platform.
Sectigo Web Security Platform
With this release, Sectigo is the first CA to introduce an all-in-one, cloud-based solution bundled with TLS/SSL certificates so that customers can easily identify threats and quickly patch vulnerabilities for their CMS from an all-new comprehensive management portal. Through the platform, customers can automate daily scanning for vulnerabilities, receive proactive notifications, and instantly remove the malware found within the code, database, or files on the web server. In addition, the platform automates daily website backups so that customers can restore their sites when needed with a single click. Coming in future releases are advanced features to accelerate website performance with a global Content Delivery Network (CDN) and Domain Name System (DNS), and to increase protection with a Web Application Firewall (WAF).
Cloud security
"Our research consistently points to security as the number one area of concern for companies working to optimise their cloud presence," said Fernando Montenegro, Principal Analyst at 451 Research. He adds, "Expanding security coverage, leveraging automation, and consolidating web security functionality into fewer vendors are strategies that many organisations, particularly those with significant resource constraints, may benefit from exploring. Sectigo's move into offering additional services beyond traditional certificate services fits well into this narrative."
Enhanced capabilities for SSL customers
The new Sectigo Web Security Platform brings new capabilities to SSL customers, reflecting the increasing requirement for companies to move beyond basic encryption to ensure complete website security. Sectigo has enabled customers to easily select the functionality they need from product bundles available through Sectigo retail sites, hosting partners, and other resellers. The new product bundles include:
Sectigo Web Monitor – Available with all SectigoSSL, PositiveSSL, and InstantSSL certificates, includes:
Sectigo Web Detect – Automatically scans up to five website pages once daily for critical security issues such as malicious infections, spam listings, vulnerabilities, blacklisting, and more.
Malware Detection – Stops search engines from blacklisting a website by proactively sending alerts about security issues before crawlers detect them.
Vulnerability Detection – Monitors a website daily for security vulnerabilities found in the following Content Management Systems (CMS): WordPress, Joomla!, Drupal, WooCommerce, PrestaShop, and Magento.
SPAM and Blacklist Monitoring – Scans a website’s IP address and domain name daily against multiple spam databases and delivers alerts about potential email blacklisting.
Sectigo Web Remediate – Available with the all-new SectigoSSL Pro certificates, includes:
Enhanced Sectigo Web Detect – Increases scanning for up to 500 website pages and databases.
Sectigo Web Clean – Safeguards a website against cybercriminals and other online security threats, automatically removing active infections from website files and any MySQL database without disrupting site functionality.
Sectigo Web Patch – Scans daily to automatically detect critical weaknesses found in the company’s content management system (CMS) or database and proactively patches these vulnerabilities before cybercriminals can exploit them. Security patches are automatically deployed when new CMS versions are released for 7 of the most popular WordPress plugins, enabling website owners to complete full-version updates within their designated timelines. Plugins include: Contact Form 7, Yoast SEO, Jetpack, All-in-one SEO Pack, TinyMCE, Google XML Sitemaps, WordPress Importer, and Easy WP SMTP. Sectigo Web Patch also protects a company’s most valuable online assets from cybercriminals by automatically patching security vulnerabilities found in leading ecommerce platforms, including WooCommerce, Magento, and PrestaShop.
Sectigo Web Backup and Restore – Reverses damage caused to a website through a one-click restore option. Utilising sophisticated version control software, Web Backup and Restore provides incremental agent-less backups and empowers users to oversee their network of websites—with any mix of CMSs—all in one place.
"Website owners and organisations of all sizes must look beyond an SSL certificate to protect against new and emerging threats. With this launch, our certificates provide more value to customers and give the world a new way to think about Certificate Authorities and the security offerings provided to our channel partners and collective customers," said Michael Fowler, President of Channel Partners, Sectigo.
Easy-to-use single API
“Sectigo’s new Web Security Platform also offers opportunities for our partners around the world to differentiate themselves from competitors, while increasing revenue and maintaining customer retention by offering multiple solutions via an easy-to-use, single API,” added Mr. Fowler.
Insights & Opinions from thought leaders at 451 Research LLC
The ‘new normal’ was all we heard about when it came to the working model shift after the pandemic hit. Businesses worldwide adopted working from home, and then the hybrid model: a balance of remote work and office work. And according to a recent survey by 451 Research, nearly 80% of organisations surveyed said they have implemented or expanded universal work-from-home policies as a result of COVID-19, whilst 67% expect these policies to remain in place either permanently or for the long-term. With more vacant office spaces, the question is: is hybrid working a red flag for business security?
Empty-office days
When buildings and office spaces are still active with advanced technology, equipment and assets on show, yet footfall is not as busy as it once was, opportunistic criminals are closely watching and taking note. But what are they learning? Security systems provider, Expert Security UK, investigates our new normal. Instead of a packed, busy office five or six days a week, hybrid working means more empty-office days, which is music to the ears of burglars. Offices are nests for expensive, valuable equipment, with maybe the latest technology and safes sitting there, or potential stacks of cash or company cards. You may be thinking, well, who leaves company cards or cash out? You’d be surprised, especially when business owners think they’ll never be a victim, or sometimes, staff make mistakes.
Hybrid working model
And don’t forget, burglars don’t always know what’s been left and will take their chances. And when a hybrid working model is the ‘new normal’, that means a lapse in security - at least in a thief’s mind. So how worried should business owners be? Well, the latest figures are pretty worrying, but also, not massively shocking.
Reiterating the temptation and lure the working model shift has on robbers, Statista recorded a 12-year high for robbery offences in the UK in 2019/2020. When more businesses either shut up shop or sent staff away to home offices, it’s not hard to make a connection. These figures reflect how, when given the opportunity, thieves will strike and take advantage.
Handing vital information
However, it’s worth noting that the lockdowns and empty streets would also have played a part in this spike, and now that we’re out of lockdowns with a world back to flipping its sign to ‘open’, many businesses will be carrying on working from home, but towns, shops, and streets are busy again. Whether you’ve decided to go fully remote, or have adopted the hybrid model, it’s crucial to review and rethink your business security, starting with your social media presence. It’s a good idea to review your social media channels. We forget how open we can be on social media, and how our digital presence can actually work as a perfect guide and insight for criminals. All they have to do is follow your channels to pick up on clues. And if you’re not giving it a minute’s thought about what you're putting out there, you may even be just handing them vital information and helping their plans.
Remote working shift
Of course, there is information readily available such as your opening times, location etc. But, do you really want/need to show off the new, state-of-the-art tablets you’ve just kitted your office out with? It can be hard as a business, or even as a social person, to not want to share positive news on social media, but we really do have to stop and think, especially if people know a lot about the company and its remote working shift.
Maybe share a post about that new, intelligent security system you've installed instead. It’s also a good idea to have a meeting with your staff about a social media policy or maybe just a casual chat about best practices, e.g. not to tag the business in a post about their new office gadget etc.
Improving business security
With fewer office days, you probably won’t need to take up as much work space anymore. Maybe some equipment has become more ornamental. Anything you don’t use or need, you could sell or donate. If you do have expensive equipment lying around that’s not being used, try and make money back from it or store it elsewhere. If you are keeping a lot of expensive equipment in vacant premises, especially fixed equipment and technology, then consider installing bars and shutters over the windows. Whatever your budget, you can improve your business security tenfold with key security measures. One of them being access control. Security gates with access control are incredibly effective at stopping unauthorised people from gaining entry. There are also car park barriers and bollards that are highly effective at keeping any potential getaway vehicles out.
Easily portable technology
High-quality CCTV is a best friend to any business, but you need to be reviewing it frequently, especially if you’ve done a perimeter check and noticed any signs of forced entry or damage. Don’t forget those signs either, let visitors or trespassers know they’re on camera. To fit in with the hybrid working model, static fixtures are becoming redundant. For instance, companies are switching to laptops instead of computers, so that workers can transport them easily to and from the office. This is not only more efficient and convenient, but it means assets are more guarded. It’s the same for any other gadgets.
Having easily portable technology is good for business, hybrid working, and security. Don’t forget about your deterrents. Simple signs to warn people of alarms, CCTV, and even the fact that you don’t leave equipment inside overnight can go a long way.
Best security technology
Thieves are famous for taking their chances. Some will meticulously plan, and many strike at a convenient, opportune time. So having signs in place that show you have high-quality, intelligent security in place can work wonders, making them think twice. It’s also worth noting that you may not have the best security technology in place at the moment, but those on the outside don’t need to know that; they can be fooled. However, having the best physical security in place is vital, as criminals lurk and will take chances. Keep reviewing your security, especially as your business adapts and reshapes - whether you return back to full office days or carry on the hybrid working model.
This guest post was contributed by Danny Scholfield, Managing Director of Expert Security UK.