AI-powered investigation combined with behavioral detection and response reduces false positives for time-strapped detection engineers

RAD Security takes the stage as a finalist in the Black Hat Startup Spotlight Competition, it unveils the first-ever AI-powered incident investigation capability for behavioral detection and response. Today, cloud security is based almost exclusively on signature-based detections, which are notorious for burdening security teams with false positives. RAD Security is the first to combine AI-powered incident investigation with behavioral, signature-less detections, to significantly reduce false positives and provide much-needed relief for overburdened security teams.

Also Listen: AI Inspired Series by AiThority.com: Featuring Bradley Jenkins, Intel’s EMEA lead for AI PC & ISV strategies

“By definition, signatures are stateless, making investigations based on the signature-focused approach inaccurate and tedious,” says CTO and Co-Founder Jimmy Mesta. “By adding AI-powered investigations to behavioral detection, which is already a step ahead of signature-based detection in accuracy, security teams can quickly get light years ahead in the accurate assessment of incidents.”

RAD’s behavioral approach and AI-powered investigations result in the lowering of false positives on their own; but by putting these two capabilities together, RAD enables security teams to achieve a multiplier effect. The enhanced accuracy of behavioral methods versus signature-based methods is easily demonstrated using multiple examples of attack tactics like reverse shells, access to sensitive data, and a Sudo CVE. In these examples, while signatures can be easily bypassed by avoiding the exact parameters, they are detected by RAD’s behavioral solution. By the same token, a behavioral drift event is not always a malicious event, so the addition of the AI investigation capability ensures additional accuracy. AI is particularly suited for looking across large sets of data and quick contextualization, making it a natural investigation tool and engine to analyze benign versus malicious drift.

Throughout the history of cyber security, and most famously in the endpoint and network security markets, signatures have eventually been replaced by behavioral methods in response to an evolving threat landscape. Today, the cloud security category is nearly entirely composed of signature-based approaches with runtime security and Cloud Workload Protection (CWPP) that are standalone or part of a broader Cloud Native Application Protection Platform (CNAPP). In sharp contrast to signature-based CNAPPs, or posture-focused Cloud Security Posture Management (CSPM), RAD Security’s Cloud Detection and Response (CDR) solution creates behavioral baselines of unique good behavior to detect zero day attacks, enriching detections with real-time identity and infrastructure context that inform response actions.

More and more, detection and response is being accomplished by fewer and fewer dedicated people, with 22% of security professionals reporting recent layoffs at their company. The workforce reductions are an even more acute pain in cloud security, with 65% of cybersecurity and infosecurity professionals claiming burnout due to skill gaps. Even though a full 95% of IT decision makers feel their team has been negatively impacted by the cloud security skills gap, cloud native adoption continues, and analysts predict that, by 2025, 95% of new applications will be built using cloud native workloads.

Zero days like the XZ Backdoor are now a regular occurrence, making detection and response in cloud native environments more important than ever.

Also Read: Humanoid Robots And Their Potential Impact On the Future of Work

RAD Security has introduced multiple new features to help security teams adopt new innovation that will help them address these alarming trends and emerging threats:
– Amazon EKS Add-on: RAD Security is now available as an Amazon EKS Add-on in the AWS Marketplace for Containers. This means customers can now provision the real-time KSPM and runtime features of the RAD platform directly from EKS, for real-time visibility into their Kubernetes risk as well as signatureless cloud detection and response.
– Automated AI-Powered Investigation: RAD Security uses LLMs to quickly analyze multiple behavioral detections and determine whether an incident is malicious or benign, including real-time infrastructure and identity context.
– Findings Center: All incidents are now available in an easy to navigate console, making detection and investigation easier and quicker.
– RAD Open Source Catalog: New version details and new open source images have now been added to the RAD Catalog, detailing the changes in behavioral fingerprints over time and bolstering the behavioral workload fingerprint standard.

Schedule a meeting with the RAD Security team at the Black Hat Conference this week to discuss improving detection accuracy for attacks in your cloud environments. The team will be exhibiting at booth #219 in Startup City, and at 4:45PM EST they will be presenting at the Innovators and Investors Summit as one of the four finalists in the Startup Spotlight competition.

Don’t miss this out: More than 500 AI Models Run Optimized on Intel Core Ultra Processors

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

The post RAD Security Launches First AI-Powered Incident Investigation with Behavioral Detection & Response Platform appeared first on AiThority.

Expel, the managed security provider that aims to make security easy to understand, use and improve, unveiled new threat research and cloud detection, response and remediation resources.

“As defenders, we need to use every advantage we have. One of those is all of us being part of a defense community, sharing knowledge—about threats, vulnerabilities, defensive strategies—to better protect each other,” said Dave Merkel, CEO and co-founder of Expel. “I hope our threat intel and cloud security resources are useful to both our customers and the cybersecurity community at large.”

Recommended AI News: Zebra Pen Launches Augmented Reality Consumer Experience

The Expel Quarterly Threat Report (QTR) showcases the established and emerging trends and incidents the Expel security operations center (SOC) team observed across customer environments. The SOC team gathers its findings through investigations into alerts, email submissions, and hunting leads and threats from the second quarter of 2022 (April 1 to June 30). A thorough analysis of incidents identifies patterns and trends to help guide strategic decision-making and operational processes.

Some key takeaways from the QTR include:

• Identity-based attacks—which include credential theft, credential abuse, and long-term access key theft—accounted for 56% of all incidents identified by the Expel SOC in Q2.

• Ransomware threat groups and their affiliates have mostly abandoned the use of Visual Basic for Application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments.

• Fourteen percent of identity attacks against cloud identity providers satisfied the multi-factor (MFA) requirement by continuously sending “Push” notifications to users until they approved.

Recommended AI News: Monite Partners With Codat to Enable Any App to Embed Invoicing and Bill Payment Features  

MITRE ATT&CK in Google Cloud Platform: A defender’s cheat sheet. As threat actors increasingly operate in the cloud, the Expel SOC team observes their activity and strategies to share information to educate defenders. The MITRE ATT&CK guide for Google Cloud Platform (GCP) contains a breakdown of the tactics the Expel SOC team sees attackers use most often during attacks in GCP. The guide also includes best practices for investigating incidents, and helps inform organizations’ GCP alert triage, and incident response to quickly remediate issues. Lastly, this cheat sheet includes a “mind map” that lays out the relationship between MITRE ATT&CK tactics, GCP services, and API calls to help security teams better understand how threat actors execute attacks. To learn more and download the defender’s cheat sheet for MITRE ATT&CK in GCP.

Expel Cloud Detection and Response. Expel ingests events and log data from GCP, Amazon Web Services (AWS), and Azure and enriches it with customer-specific context such as the type of environment (e.g., production, development) or user (e.g., admin) to hone detection based on risk and expected behaviors. Expel layers on the detections, ingesting security signal from cloud-native services and writing custom detections tailored to each cloud provided from the logs in the cloud admin control plane. Expel’s cloud infrastructure strategy is focused on catching misconfigurations, suspicious logins and unusual admin activity, like resource sharing.

Recommended AI News: Omnicom Precision Marketing Group Leads Forrester’s Creative Agency Assessment

[To share your insights with us, please write to sghosh@martechseries.com]

The post Expel Unveils Threat Research and Cloud Detection, Response and Remediation Capabilities and Resources appeared first on AiThority.

Confluera, the leading provider of next-generation cloud detection and response, announced that the company has been named a winner in the “Top 10 Cybersecurity Startups” category of this year’s 2021 Black Unicorn Awards, by Cyber Defense Magazine. This prestigious awards program takes place each year during the Black Hat USA conference, honoring cybersecurity innovators from around the world.

“We’re pleased to name Confluera as a Winner for the Top 10 Cybersecurity Startups for 2021 among a small, elite group of startups in our third annual Black Unicorn awards,” said Judges Robert R. Ackerman Jr. of AllegisCyber Capital, David DeWalt of NightDragon, Dr. Peter Stephenson of Cyber Defense Labs and Gary Miliefsky of Cyber Defense Magazine.

Recommended AI News: ADPList Raises $1.3 Million To Help Professionals And Students Get Instant Access To Mentorship

This award win comes on the heels of the launch of Confluera’s Cloud eXtended Detection and Response (CxDR) solution, designed to protect cloud-native environments from modern cybersecurity threats. Confluera CxDR brings together the best security capabilities from the otherwise silo-ed category of solutions; threat detection, threat analytics, and cloud security. This new CxDR solution reduces the industry average time to detect and mitigate advanced attacks from months down to hours while also reducing the need for personnel with highly specialized cybersecurity expertise.

Recommended AI News: Datadog Announces Deep Database Monitoring

“We are thrilled to be recognized by Cyber Defense Magazine as one of the Top 10 Cybersecurity Startups of 2021,” said John Morgan, CEO of Confluera. “Cloud security continues to be a top concern among organizations as each passing week brings word of a new breach or attack on a cloud environment. That is why at Confluera, we are committed to continuing our development of innovative cloud threat detection and response solutions, built on cloud-native architectures, that can help organizations realize the business benefits of the cloud with lower cyber risk.”

Recommended AI News: CACI Launches New CM62 Micro Gimbal for Efficient and Enhanced Situational Awareness

The post Confluera Named Top Cybersecurity Startup in 2021 Black Unicorn Awards appeared first on AiThority.

Confluera, the leading provider of next-generation cloud detection and response, announced that CRN, a brand of The Channel Company, has named Confluera to its 2021 Emerging Vendors list in the security category. Selected by CRN’s esteemed editorial team, this annual list honors new and up-and-coming technology vendors that have proven their commitment to innovation and growth within the larger IT channel.‍

Recommended AI News: AI Technology Startup Data Safeguard Tackles Data Privacy Compliance and Synthetic Fraud Threat

“The CRN 2021 Emerging Vendors list honors forward-thinking technology suppliers that are redefining IT channel success by focusing on innovative products that help customers overcome the complex and ever-changing IT demands,” said Blaine Raddon, CEO of The Channel Company. “Solution providers in search of the latest innovative technologies can depend on the Emerging Vendors list as a trusted resource.”

With a commanding grasp of the IT industry’s unique needs, technology vendors featured on the CRN 2021 Emerging Vendors list allow solution providers to tackle complex IT market challenges, increase bottom-line revenue across the board, and deliver customer-facing solutions that ensure the IT channel’s ongoing success well into the future.

Recommended AI News: Keysight Launches Cloud-based 5G Radio Access Network Performance Analytics Solution

Confluera’s ML-powered technology helps organizations identify and track events across all MITRE ATT&CK tactics, including reconnaissance, discovery, and east-west traffic in real-time. Using Continuous Attack Graph technology, Confluera stitches together individual events into real-time threat storyboards as they unfold, giving organizations full visibility into any attack progressions, reducing detection and remediation times from days to hours.

“We are proud to be recognized by CRN and the Channel Company as a new and emerging leader of the IT channel,” says John Morgan, CEO at Confluera. “Our innovative, next-generation cloud detection and response technology is built to protect our customers, partners, and their customers against today’s most advanced threats.”

Recommended AI News: tZERO Announces Leadership Transition  

The post Confluera Named 2021 Emerging Vendor by CRN appeared first on AiThority.

Confluera, the leading provider of next-generation cloud detection and response, announced the integration of GreyNoise Intelligence into its flagship security solution. This integration with GreyNoise provides Confluera customers additional context regarding discovered attacks, along with a reduction in noise and more prioritized event signals. These benefits are available immediately to all Confluera customers at no additional cost.

Recommended AI News: Minute Media Expands Voltax Video Offering for Publishers

“Wading through an avalanche of alerts and noise is a significant challenge for organizations as they try to decipher between the benign and true indicators of attacks. The challenge is further complicated by the sophistication and ease that modern attackers exhibit,” said John Morgan, CEO of Confluera. “Organizations rely on Confluera to stitch together signals from various sources  and accurately identify attacks with additional context. Our integration with GreyNoise, further enhances the ease with which our customers can identify and remediate attacks in real-time.”

Confluera’s ML-powered technology helps organizations identify and track events across all MITRE ATT&CK tactics, including reconnaissance, discovery, and east-west traffic in real-time. Using Continuous Attack Graph technology, Confluera stitches together individual events into real-time threat storyboards as they unfold, giving organizations full visibility into any attack progressions, reducing detection and remediation times from days to hours.

Recommended AI News: WP Engine Supercharges WordPress Development By Making Local Pro Free For Everyone

“GreyNoise provides context about noisy IP addresses that scan the internet,” said Andrew Morris, founder and CEO of GreyNoise Intelligence. “I’m excited about how well our intelligence data complements the insights that Confluera delivers – it’s a big win for customers.”

Recommended AI News: Integral Ad Science Announces Pricing Of Initial Public Offering

The post Confluera Enhances Cloud Detection and Response Solution With GreyNoise Anti-Threat Intelligence appeared first on AiThority.

Confluera, the leading provider of next-generation cloud detection and response, announced that Roysons, provider of unsurpassed printing and laminating services worldwide, has deployed the Confluera platform to secure its business-critical IT infrastructure, systems and data. Roysons deployed Confluera to help detect and prevent attackers from navigating through its network.

“Prior to implementing the Confluera platform, one of the biggest challenges for our security and IT teams was trying to manually manage, track and respond to all suspicious activity alerts we received daily, many of which turned out to be false positives,” said Vipul Bosmiya, Director of Supply Chain & IT at Roysons. “Confluera helps us automate this process by storyboarding alerts and highlighting important remediation efforts, along with providing detailed how-to remediation insights. Confluera essentially acts as a powerful watchdog over all of our critical business systems.”

Recommended AI News: CACI Launches New CM62 Micro Gimbal for Efficient and Enhanced Situational Awareness

Confluera’s ML-powered technology helps Roysons identify and track events across all MITRE ATT&CK tactics, including reconnaissance, discovery, and east-west traffic in real-time. Using Continuous Attack Graph technology, Confluera stitches together individual events into real-time threat storyboards as they unfold, giving Roysons full visibility into any attack progressions, reducing detection and remediation times from days to hours.

Recommended AI News: Moonwalk Universal Announces Support for IBM Spectrum Discover

“Security analysts spend the bulk of their investigation efforts correlating events across multiple systems and tools, a task that is very error-prone, laborious and time-consuming,” said John Morgan, CEO at Confluera. “The resulting outcomes often have false alarms and are available too late to take any preventative actions. Confluera helps companies like Roysons connect the dots to surface actual threats progressing through their workloads and take preventative actions before it’s too late.”

Recommended AI News: ISG to Publish Study of AWS Partners Helping Companies Adopt Public Cloud Solutions

The post Roysons Taps Confluera to Secure Company’s Business-Critical Infrastructure appeared first on AiThority.

Obsidian, the cloud detection and response company, announced availability in Amazon Web Services (AWS) Marketplace. AWS customers can now purchase the Obsidian SaaS security solution directly in AWS Marketplace and pay for the service through their integrated AWS bill.

Obsidian protects against account compromise, insider threats, access misuse, data leaks, excessive privileges and weak posture in SaaS applications with its cloud detection and response platform. Customers can start in minutes and get unified visibility, analytics, and protection for Salesforce, Workday, Microsoft Office 365, Google Workspace, and other leading SaaS apps.

Recommended AI News: Acquia Named a Leader in the Gartner 2021 Magic Quadrant for DXP

“Obsidian provides a comprehensive view of internal and external threats across SaaS applications. Now with the AWS Marketplace listing, customers can buy the Obsidian solution the way they want to purchase,” said Chelsea Strong, Vice President of Global Sales at Obsidian. “With no software to install, Obsidian offers zero-friction deployment in minutes via API. Since many customers of SaaS applications have an existing relationship with AWS, Obsidian’s availability in AWS Marketplace will make it simpler for them to try and to buy.“

Recommended AI News: CI Security Launches Multi-Tiered Solution to Reduce the Risk of Ransomware Attacks

Obsidian connects with SaaS applications seamlessly to aggregate data about accounts, privileges and activity. The platform normalizes and analyzes the data using machine learning and expert analysis to detect threats and risks. Security teams have unified access to activity data across SaaS applications to investigate and respond to incidents.

Obsidian offers a simple pricing model based on the number of employees. The ability to purchase Obsidian through AWS Marketplace enables organizations to get started with securing their mission-critical SaaS environments more quickly and easily. Obsidian remains 100% committed to the channel. Customers can purchase software solutions directly from their partner of choice in AWS Marketplace through the AWS Marketplace Consulting Partner Private Offers (CPPO) program.

Recommended AI News: Dudley Building Society Enhances National Credentials With ieDigital Online Savings Solution

The post Obsidian Cloud Detection and Response Now Available in AWS Marketplace appeared first on AiThority.

Obsidian Security, the cloud detection and response company, today announced protection for Zoom, enabling organizations to safely embrace the leading video communications service as a business-critical application. Using Obsidian, Zoom customers have enterprise-level monitoring, detection, and response capabilities from a security, compliance, and risk perspective. This is the latest addition to a set of rich integrations that Obsidian has built with SaaS-based collaboration products such as G Suite, Office 365, Salesforce, Slack, Box, Dropbox, and GitHub to enable secure collaboration in a cloud-first world.

Obsidian #CDR enables organizations to safely embrace @Zoom_US as a business critical application.

“Board meetings, medical appointments, and critical customer calls are all occurring over Zoom. Security teams are grappling with how to prevent account misuse and ensure that only the right people are in these meetings,” said Glenn Chisholm, co-founder and CEO of Obsidian. “Understanding who joined the meeting, from where and when, as well as whether they recorded the meeting is critical. Obsidian helps customers tackle this challenge with continuous monitoring and automated detection.”

Recommended AI News: Former Raymond James Executive, Robert Anastasi, Joins Abacode Cybersecurity & Compliance Board of Advisors

The Obsidian cloud detection and response platform aggregates, normalizes, and enriches data around user access and activity from an organization’s SaaS applications. Obsidian has built deep integrations with leading SaaS-based communication and collaboration platforms that organizations are increasingly relying on to get remote work done. Security teams can monitor user activity and get timely alerts to protect against accidental oversharing and insider threat, and to detect and respond to account compromise and data breaches.

Recommended AI News: Port53 Joins Forces With Devices for Students to Support Underprivileged Bay Area Students With Laptops

Obsidian’s Zoom integration lets security teams not only monitor who is using the service, but how they are using it. Obsidian generates insights and alerts related to a variety of risks and threats:

• Application misconfigurations that violate security best practices
• Risky user behavior that exposes accounts to takeover and misuse
• Account compromise, data breaches, and insider threat

Support for Zoom in the Obsidian platform is available today to customers. Zoom customers can get started in minutes by connecting their organization’s Zoom account to the Obsidian service. Obsidian offers a free, no-obligation two-week trial.

Recommended AI News: AWS Announces General Availability of Amazon Augmented Artificial Intelligence (A2I)

The post Obsidian Launches Zoom Protection to Accelerate Secure Business Adoption of Video Communication appeared first on AiThority.