Security teams Archives - AiThority
https://aithority.com/tag/security-teams/

RAD Security Launches First AI-Powered Incident Investigation with Behavioral Detection & Response Platform
https://aithority.com/machine-learning/rad-security-launches-first-ai-powered-incident-investigation-with-behavioral-detection-response-platform/
Tue, 06 Aug 2024 15:11:33 +0000



AI-powered investigation combined with behavioral detection and response reduces false positives for time-strapped detection engineers

As RAD Security takes the stage as a finalist in the Black Hat Startup Spotlight Competition, it unveils the first-ever AI-powered incident investigation capability for behavioral detection and response. Today, cloud security is based almost exclusively on signature-based detections, which are notorious for burdening security teams with false positives. RAD Security is the first to combine AI-powered incident investigation with behavioral, signature-less detections, to significantly reduce false positives and provide much-needed relief for overburdened security teams.


“By definition, signatures are stateless, making investigations based on the signature-focused approach inaccurate and tedious,” says CTO and Co-Founder Jimmy Mesta. “By adding AI-powered investigations to behavioral detection, which is already a step ahead of signature-based detection in accuracy, security teams can quickly get light years ahead in the accurate assessment of incidents.”

RAD’s behavioral approach and AI-powered investigations result in the lowering of false positives on their own; but by putting these two capabilities together, RAD enables security teams to achieve a multiplier effect. The enhanced accuracy of behavioral methods versus signature-based methods is easily demonstrated using multiple examples of attack tactics like reverse shells, access to sensitive data, and a Sudo CVE. In these examples, while signatures can be easily bypassed by avoiding the exact parameters, they are detected by RAD’s behavioral solution. By the same token, a behavioral drift event is not always a malicious event, so the addition of the AI investigation capability ensures additional accuracy. AI is particularly suited for looking across large sets of data and quick contextualization, making it a natural investigation tool and engine to analyze benign versus malicious drift.

Throughout the history of cyber security, and most famously in the endpoint and network security markets, signatures have eventually been replaced by behavioral methods in response to an evolving threat landscape. Today, the cloud security category is nearly entirely composed of signature-based approaches with runtime security and Cloud Workload Protection (CWPP) that are standalone or part of a broader Cloud Native Application Protection Platform (CNAPP). In sharp contrast to signature-based CNAPPs, or posture-focused Cloud Security Posture Management (CSPM), RAD Security’s Cloud Detection and Response (CDR) solution creates behavioral baselines of unique good behavior to detect zero day attacks, enriching detections with real-time identity and infrastructure context that inform response actions.

More and more, detection and response is being accomplished by fewer and fewer dedicated people, with 22% of security professionals reporting recent layoffs at their company. The workforce reductions are an even more acute pain in cloud security, with 65% of cybersecurity and infosecurity professionals claiming burnout due to skill gaps. Even though a full 95% of IT decision makers feel their team has been negatively impacted by the cloud security skills gap, cloud native adoption continues, and analysts predict that, by 2025, 95% of new applications will be built using cloud native workloads.

Zero days like the XZ Backdoor are now a regular occurrence, making detection and response in cloud native environments more important than ever.


RAD Security has introduced multiple new features to help security teams adopt new innovation that will help them address these alarming trends and emerging threats:
– Amazon EKS Add-on: RAD Security is now available as an Amazon EKS Add-on in the AWS Marketplace for Containers. This means customers can now provision the real-time KSPM and runtime features of the RAD platform directly from EKS, for real-time visibility into their Kubernetes risk as well as signatureless cloud detection and response.
– Automated AI-Powered Investigation: RAD Security uses LLMs to quickly analyze multiple behavioral detections and determine whether an incident is malicious or benign, including real-time infrastructure and identity context.
– Findings Center: All incidents are now available in an easy to navigate console, making detection and investigation easier and quicker.
– RAD Open Source Catalog: New version details and new open source images have now been added to the RAD Catalog, detailing the changes in behavioral fingerprints over time and bolstering the behavioral workload fingerprint standard.

Schedule a meeting with the RAD Security team at the Black Hat Conference this week to discuss improving detection accuracy for attacks in your cloud environments. The team will be exhibiting at booth #219 in Startup City, and at 4:45PM EST they will be presenting at the Innovators and Investors Summit as one of the four finalists in the Startup Spotlight competition.

Nightfall AI Research Finds 35% of Exposed API Keys Are Still Active and Vulnerable to Exploit
https://aithority.com/security/nightfall-ai-research-finds-35-of-exposed-api-keys-are-still-active-and-vulnerable-to-exploit/
Tue, 06 Aug 2024 14:42:10 +0000


Secrets are most commonly found in GitHub, with nearly 350 secrets leaked per year and eight passwords leaked per week per 100 employees

Nightfall AI, the leading enterprise data leak prevention (DLP) platform for SaaS, generative AI (GenAI), email and endpoints, today published findings from its annual State of Secrets Report. This research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. What’s more concerning is that 35% of all API keys discovered were still active — posing a major risk for privilege escalation attacks, data leaks, data breaches and more. Many of the secrets discovered had already been exposed for several months.


Companies that have embraced modern cloud, SaaS and GenAI environments have only just begun to uncover the hidden risks of secret sprawl, which occurs when sensitive information like API keys or passwords is spread to apps, files and messages where it doesn’t belong. From within apps like Slack, GitHub, Jira and Google Drive, threat actors can easily find and leverage company secrets to compromise organizations to a devastating degree, as we’ve seen in numerous high-profile incidents at major brands, such as The New York Times and Sisense. Nightfall’s research aimed to bring this challenge to light and help companies understand where their secrets are sprawled, as well as how they can clean up their tech stack.

In its research, Nightfall scanned hundreds of terabytes of data looking for sensitive secrets — passwords, API keys, database connection strings and cryptographic keys — shared across cloud systems and applications over the past year, and found more than 171,000 secrets exposed across SaaS apps, GenAI tools, email and endpoints. While GitHub had the highest volume of secret sprawl, 54% of exposed secrets were found in other developer and productivity apps, including Confluence (134 per 100 employees), Zendesk (110), Slack (64) and Google Drive (34). This is notable because gaining visibility into sensitive data across a multitude of different SaaS platforms is a significant challenge for companies.


In its research summary, Nightfall breaks its findings down with a focus on passwords and API keys. Here are a few of the findings:

Passwords were the most commonly exposed secrets.

  • 59% of the secrets discovered were passwords
  • 8 passwords were discovered per 100 employees per week
  • Passwords were most commonly found in GitHub (54%), Confluence (23%), Zendesk (15%) and Slack (8%)

API Keys were found across many popular SaaS and development platforms.

  • 39% of the secrets discovered were API keys
  • API keys were most commonly found in GitHub (71%), Slack (6.6%), Google Drive (6.6%) and Jira (6.6%)
  • 7 API keys were discovered per 100 employees per week
  • The riskiest types of API keys commonly discovered were JSON Web Tokens and API keys for Slack, AWS, GitHub, GitLab, Google Cloud and Azure

“Secret sprawl is a pervasive and ever-present problem that companies must address now,” said Rohan Sathe, co-founder and CTO, Nightfall. “Fortunately, it is easily preventable. It’s important for security teams to know what secrets are being shared and where they’re being shared in order to t********** and minimize secret exposure.”

Combatting Secret Sprawl

Continuous monitoring and automated remediation can dramatically reduce the time it takes to identify and mitigate risk associated with secret sprawl. Nightfall also recommends that companies implement end-to-end encryption, use password managers and rotate API keys regularly to stave off data leaks and breaches. Nightfall also highlights the importance of educating employees about the safest ways to share secrets, and enforcing those teachings throughout the year as opposed to with annual security training alone.

Elastic Accelerates SIEM Data Onboarding with Automatic Import Powered by Search AI
https://aithority.com/machine-learning/elastic-accelerates-siem-data-onboarding-with-automatic-import-powered-by-search-ai/
Tue, 06 Aug 2024 13:39:49 +0000


Migrate legacy SIEM to AI-driven security analytics in record time by automating custom data integrations

Elastic, the Search AI Company, is accelerating the adoption of AI-driven security analytics by automating SIEM data onboarding with Automatic Import. This new feature, the only one of its kind for a security analytics or SIEM solution, automates the development of custom data integrations. With Automatic Import, Elastic Security now adds custom data sources faster than any competing security analytics solution, cutting the time from up to several days to less than ten minutes and facilitating broader visibility and easier SIEM implementation.


One of Elastic’s largest security customers recently migrated nearly 200 data sources, including many custom technologies. Customers of this scale can now save hundreds of hours of consulting time and weeks to months of implementation time.

“Automatic Import addresses one of the biggest headaches of switching SIEMs: onboarding custom data sources,” said Michelle Abraham, research director, Security and Trust at IDC. “The feature automates the development of new data integrations, reducing the cost, complexity and stress of migration.”

Automatic Import applies generative AI to expedite labor-intensive SecOps tasks, building on previous Elastic AI-driven security analytics innovations like Elastic AI Assistant, which answers security questions and guides practitioner workflows, and Attack Discovery, which automates alert triage. Elastic can mitigate the security challenges intrinsic to fast-changing environments and messy data due to the company’s ability to handle unstructured data at scale and surface relevant insights via Large Language Models and RAG.

Powered by the Elastic Search AI Platform, Automatic Import provides model-agnostic access to harness the knowledge from large language models (LLMs) and the ability to ground answers in proprietary data using retrieval augmented generation (RAG). This is made possible by the flexibility of Search AI Lake and the company’s expertise in enabling security teams to leverage data of any kind.

“Automatic Import makes building and testing custom data integrations easier, helping us quickly enhance visibility throughout our environment,” said Nate Thompson, senior manager, Cybersecurity Analytics & Automation at Dana Inc.


Elastic Security ships with 400+ prebuilt data integrations, and Automatic Import makes it practical to extend visibility beyond these to an evolving array of security-relevant technologies and applications. These integrations normalize data to Elastic Common Schema (ECS), enabling uniform analysis with dashboards, search, alerting, machine learning, and more.

“Establishing visibility across an enterprise IT environment is inherently difficult, but no matter how the attack surface changes, security teams can’t afford to fly blind. Until now, onboarding custom data has been costly and complex,” said Mike Nichols, vice president of product for security at Elastic. “Automatic Import arrives at a critical moment to address these challenges, as organizations explore replacement options for their legacy SIEM tools.”

Automatic Import is launching with support for Anthropic models via Elastic’s connector for Amazon Bedrock. It supports JSON and NDJSON-based log formats.

Next-Level Security Support: Introducing AI EdgeLabs AI Security Assistant
https://aithority.com/machine-learning/next-level-security-support-introducing-ai-edgelabs-ai-security-assistant/
Fri, 14 Jun 2024 06:03:13 +0000


AI EdgeLabs, a leading provider of edge cybersecurity solutions, proudly announces the launch of AI Security Assistant (AISA), a cutting-edge tool designed to redefine the operations of SOCs.


In today’s rapidly evolving threat landscape, cybersecurity professionals are inundated with a vast volume of alerts, incidents, and data streams, making it challenging to detect, analyze, and respond to potential threats effectively. AISA alleviates this burden by providing comprehensive analyses, actionable insights, and streamlined workflows, enabling security specialists to navigate complex security challenges with confidence.

“We are thrilled to launch EdgeLabs AI Assistant, a game-changer in the realm of cybersecurity,” said Inna Ushakova, CEO at AI EdgeLabs. “By automating routine tasks, categorizing alerts, and offering detailed explanations, AISA empowers security teams to focus their expertise on strategic initiatives, proactively defend against emerging threats, and safeguard their organizations’ critical assets.”


AISA represents a significant leap forward in AI-driven security solutions. It offers a comprehensive suite of features aimed at maximizing the efficiency and effectiveness of SOC operations:

Detailed Analysis: AISA provides in-depth analyses of Endpoint Detection and Response (EDR), offering insights into potential impacts and attack scenarios.

Alert Classification: AISA categorizes alerts, identifies indicators of compromise, and recommends appropriate mitigation strategies, enabling SOC teams to prioritize and respond to threats efficiently.

Analytical Functions: Equipped with advanced analytical capabilities, AISA assists in managing alerts and providing answers using a vast security knowledge database.

User-Friendly Interface: AISA offers an intuitive interface with three distinct user flows, each equipped with its own set of endpoints, data pipeline, and knowledge database. The four options include:

– AI EdgeLabs Knowledge Base – for questions about the dashboard, settings, threat patterns, MITRE techniques, and more.

– Alerts & Incidents – to investigate specific alerts or incidents and gain deeper insights.

– Playbook & Response Action – AI-generated actionable playbooks to respond to security threats and ongoing attacks in real-time.

Cado Security Announces New Integration with CrowdStrike
https://aithority.com/technology/cado-security-announces-new-integration-with-crowdstrike/
Wed, 07 Feb 2024 18:34:56 +0000


New integration with the CrowdStrike Falcon platform helps to automate investigations and perform root cause analysis

Cado Security, provider of the first cloud forensics and incident response platform, announced a new integration with the AI-native CrowdStrike Falcon platform to improve forensics investigations and accelerate response times. The integration is available in the CrowdStrike Marketplace, and organizations can use it to automatically gain access to forensic data, adding depth to incident investigations.


Cado Security integrates with CrowdStrike Falcon Insight XDR to enable security teams to perform investigations and respond to threats faster with enriched security telemetry from the Falcon platform. The Cado Platform leverages the scale and speed of the cloud to automate the end-to-end incident response process – from forensic data capture and processing to investigation and response. Once malicious activity is detected by the Falcon platform, Cado leverages CrowdStrike Real Time Response (RTR) capabilities to automatically collect and analyze forensic data from the customer’s impacted systems, enabling security teams to rapidly perform root cause analysis and identify scope and impact for accelerated incident response.


Key benefits of the integration include:

  • Rapid response times: automated, end-to-end incident response, from data collection and processing to investigation and response, drastically reduces response times.
  • Faster investigations: customers gain immediate access to robust forensic evidence and key incident details, including the root cause and scope, for faster investigations.
  • Improved productivity: by eliminating tedious investigative tasks, customers get the answers they need without using complex scripting and queries.
  • Comprehensive visibility: perform forensics investigations across on-premises, hybrid, and cloud environments.


The CrowdStrike Marketplace connects CrowdStrike customers to the Cado platform, a trusted integration to the Falcon platform, simplifying customers’ security stacks, reducing their operational costs and helping to manage complexities seamlessly.

“The collaboration between CrowdStrike and Cado Security empowers security teams with the comprehensive capabilities required to identify, analyze, and address incidents quickly, setting a new standard for speed and effectiveness,” said Chris Doman, CTO and Co-Founder of Cado Security. “The CrowdStrike Marketplace makes it easy for us to meet customers where they already are and enable easy procurement with new applications directly available for purchase.”

Stellar Cyber and Proofpoint Strategic Alliance to Deliver Email Security Solution
https://aithority.com/technology/stellar-cyber-and-proofpoint-strategic-alliance-to-deliver-email-security-solution/
Tue, 23 Jan 2024 13:41:37 +0000


Combined solution delivers email security and automated Open XDR to speed detection and response of email-driven cyber attacks

Stellar Cyber, the innovator of Open XDR, announced a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this alliance, Proofpoint and Stellar Cyber customers benefit from an out-of-the-box integration enabling swift email investigations and real-time response actions to email-driven attacks.


Proofpoint Targeted Attack Protection monitors emails to identify suspicious emails and potentially malicious attachments and URLs. Once identified, the findings are shared with Stellar Cyber automatically. Stellar Cyber’s Open XDR platform ingests, normalizes, and analyzes Proofpoint findings and other collected data to deliver a comprehensive threat picture. As security analysts conduct investigations, they can instruct integrated third-party products – including Proofpoint – on corrective actions.


“Protecting organizations against email-borne attacks is a top priority, and security teams need a way to automatically correlate threat telemetry across the entire attack surface in order to quickly remediate threats,” said Andrew Homer, VP of Strategic Alliances, Stellar Cyber. “This new partnership with Proofpoint is the latest example of Stellar Cyber delivering on its Open XDR strategy to provide customers turn-key integrations that improve productivity and threat detection.”


“Email attacks remain the number one entry point into an organization, and the level of sophistication of these attacks continues to grow exponentially,” said D.J. Long, Vice President, Strategic Alliances & Business Development, Proofpoint. “We’re thrilled to work with Stellar Cyber on this strategic alliance to help customers protect against advanced email-based threats and unify their cybersecurity defense.”

Through this alliance, Stellar Cyber and Proofpoint give security teams an advantage over attackers, resulting in the following:

  • Real-time threat signals exchanged for proactive detection
  • Correlation of Proofpoint alerts across the entire attack surface
  • Automated response actions for immediate threat containment

Proactive Organizations Strengthen Cyber Security with AI
https://aithority.com/machine-learning/proactive-organizations-strengthen-cyber-security-with-ai/
Mon, 17 Jul 2023 14:29:42 +0000


A NYC area cyber security expert explains how to strengthen cyber security with AI in a new article. The informative article first relates that companies increasingly seek ways to employ artificial intelligence technologies (AI) to protect critical company assets and preserve business reputation. The author then asserts that AI-enhanced cyber security tools offer several advantages over traditional cyber security.


She continues by discussing how AI improves threat detection and remediation by analyzing vast amounts of data from various sources, employing machine learning to spot malicious activity. After discussing how AI is used to strengthen authentication and data loss prevention (DLP), she lists the benefits of AI-enhanced cyber security solutions, including reducing human error, improving efficiency, and discovering unknown threats.

“As organizations rely more heavily on digital technologies, they also face more frequent and sophisticated cyberattacks,” stated Jennifer Mazzanti, CEO, eMazzanti Technologies. “When used wisely and combined with human oversight, AI proves indispensable for protecting business assets in today’s digital environment.”

Below are a few excerpts from the article, “Proactive Companies Strengthen Cyber Security with AI.”

Improve Threat Detection and Remediation

“AI can analyze vast amounts of data from various sources, such as endpoints, networks, cloud services, identity systems, and applications. Then, using machine learning, it can spot anomalies in that data that indicate possible malicious activity. AI can also learn from new data and adapt to changing threats, making it more effective than traditional rule-based systems.”

Strengthen Authentication and DLP

“AI plays a key role in zero trust security, which requires continuous identification of all users and devices. For instance, AI enables adaptive authentication, adjusting the level of verification based on the context and risk of each request. Using AI, organizations can define and enforce granular security policies based on device health, encryption, password strength and more.”

“Additionally, products like Microsoft Purview use AI to enhance DLP by automating the classification of sensitive data. Organizations can then use sensitive data labels to enforce automated policies for data sharing, encryption, and retention.”

Benefits of AI-enhanced Cyber Security Solutions

“Improve efficiency and reduce costs – AI gathers and analyzes data continuously, enabling dynamic incident detection and response. With AI, security teams can often address potential problems before damage occurs. And because AI handles the routine, time-consuming tasks, humans can focus on strategic activities.”

The post Proactive Organizations Strengthen Cyber Security with AI appeared first on AiThority.

Firedome Announces Strategic Alliance with Maltiverse for Advanced IoT Threat Intelligence https://aithority.com/technology/firedome-announces-strategic-alliance-with-maltiverse-for-advanced-iot-threat-intelligence/ Fri, 09 Jun 2023 14:19:32 +0000 https://aithority.com/?p=524862 Firedome Announces Strategic Alliance with Maltiverse for Advanced IoT Threat Intelligence

Firedome Announces Strategic Alliance with Maltiverse for Advanced IoT Threat Intelligence

Firedome, a global leader in Endpoint Protection for IoT, announced a strategic alliance with Maltiverse, a leading threat intelligence provider with specialized data for IoT threats, to provide advanced IoT threat intelligence in the Firedome Endpoint Protection Platform (EPP).

Providing a tailored solution for security teams, Firedome EPP for IoT detects and prevents cyber attacks on any IoT device, whether the device is a direct target or an entry point for infiltrating the network. The first-of-its-kind lightweight agent, built for IoT devices in enterprise, home or industrial settings and across multiple verticals such as healthcare, energy, smart building, retail and more, causes no impact on user experience and ensures the device’s ongoing security.

Through this alliance, Maltiverse will enrich the Firedome EPP with advanced threat intelligence, providing a more robust and improved posture for detecting and responding to security threats. With more comprehensive sanitized data, Maltiverse’s machine learning algorithms will improve the accuracy in identifying and correlating threat indicators and enable Firedome’s customers to more effectively detect and mitigate threats.

“This partnership is a testament to our commitment to delivering the best possible security solutions for our customers. We are confident that this alliance will set a new standard in the industry and drive innovation and growth for both companies,” said Orr Chen, Firedome Co-Founder and CTO. “We look forward to the opportunities this partnership will bring and to continuing to serve our customers with the highest level of security solutions.”

“The integration of Maltiverse’s data and insights, aligned with the MITRE ATT&CK Framework, will provide customers with a comprehensive view of the threat landscape, allowing for more informed and proactive security measures,” said Antonio Gómez, the Chief Product Officer of Maltiverse.

Firedome is a cybersecurity pioneer specializing in endpoint protection for IoT devices. The Firedome EPP™ allows organizations to prevent advanced attack types such as supply chain and insider threat on IoT endpoints that would otherwise be undetectable by existing security controls.
Firedome is democratizing EPP for IoT and enables security teams to protect IoT endpoints with agent-based EPP for IoT.

The post Firedome Announces Strategic Alliance with Maltiverse for Advanced IoT Threat Intelligence appeared first on AiThority.

New Wiz Runtime Sensor Pioneers a Unified Approach to Cloud Security https://aithority.com/technology/new-wiz-runtime-sensor-pioneers-a-unified-approach-to-cloud-security/ Wed, 07 Jun 2023 10:39:22 +0000 https://aithority.com/?p=523873 New Wiz Runtime Sensor Pioneers a Unified Approach to Cloud Security

New Wiz Runtime Sensor Pioneers a Unified Approach to Cloud Security

Wiz, the leading cloud security platform, announced the public preview for the Wiz Runtime Sensor, which helps organizations further protect cloud workloads by detecting and responding to potential threats in real-time. The Runtime Sensor deepens the value of Wiz’s top-ranked Cloud Native Application Protection Platform (CNAPP) by eliminating blind spots and siloes to provide better visibility, risk assessment and protection.

To best secure cloud environments, security teams need to both proactively remove exploitable attack paths into their cloud and have a last line of defense in the event of an incident. By extending its platform with the Wiz Runtime Sensor, Wiz gives organizations a way to do this without having to rely on multiple, fragmented tools. Furthermore, organizations that rely exclusively on an agent-based workload protection approach leave as many as 80% of workloads unprotected with undiscovered vulnerabilities and attack paths, according to Wiz research. The new Runtime Sensor extends Wiz’s existing agentless visibility with agent-based real-time detection, for the best of both worlds.

“We promised the board world-class Cloud Security Posture Management and real time threat detections,” said Joel Bork, CISO at DoubleVerify. “Between what Wiz already brought to the table with agentless visibility, risk assessment and the rollout of the new Sensor, Wiz exceeds that promise and delivers additional forensics features as well. After months of robust review, it is by far the best offering on the market and enables us to drive our hybrid and multi-cloud security strategy from a single platform.”

“Wiz enables us to combine the reactive and proactive aspects of cloud security in a single source of truth,” said Joel Cardella, Director, Cybersecurity Engineering at Dexcom. “We rely on the visibility that Wiz provides to surface the unknowns and provide actionable signals from noise. With the Wiz Runtime Sensor, we are adding active, real-time telemetry that gives my team intelligent insight to drive better actions. Dexcom has a strategic goal of pushing hard and fast to scale our business. By leveraging Wiz, we can support and accelerate our cloud transformation without doubling the security team. My team is more efficient and able to focus on strategic work. Wiz simplifies our security challenges and will allow us to more than double our cloud environment over the coming years without scaling complexity.”

The Wiz Runtime Sensor is a lightweight eBPF-based agent that can be deployed within Kubernetes clusters. It provides real-time visibility into cloud-native environments, full detection and threat mapping, enhanced remediation and prioritization, and helps organizations chase down the threats that matter to minimize disruptions to the business. Key benefits include:

  1. Real-time monitoring and detection of threats and malicious behavior: Wiz detects known and unknown threats including remote code execution, malware, cryptomining and other forms of resource theft, lateral movement or worms, rootkits seeking persistence or privilege escalation and container escape.
  2. Full end-to-end visibility into attacks for faster, more efficient response: Wiz extends its Cloud Detection & Response capabilities by correlating threats across real-time signals, cloud activity, and audit logs in a unified, contextual view to uncover attacker movement within a cloud environment so cloud defenders can rapidly respond to limit the impact of a potential incident.
  3. Extended attack path analysis for better risk prioritization: Enriches Wiz’s agentless vulnerability assessment using runtime workload signals to identify vulnerabilities affecting active packages that are being used by the workload, so security teams can focus remediation efforts on vulnerable active packages.
  4. Out-of-the-box detections to ensure readiness for the latest attacks: The Wiz Threat Research team constantly adds coverage for the latest cloud and Kubernetes attacks seen in the wild. The Wiz detection engine is updated with heuristics-based rulesets that provide transparent and consistent detections, including complex detections that require correlation across cloud layers.

launch is instrumental in our quest to simplify cloud security” said Yinon Costica, Co-Founder and VP Product, Wiz. “The Wiz Runtime Sensor expands Wiz to a ‘defense in depth’ approach, which spans prevention to real-time detection and response. We are committed to continue to innovate our CNAPP so that it supports customers across their cloud security journey, particularly as they look to consolidate and optimize value from technology investments.”

The post New Wiz Runtime Sensor Pioneers a Unified Approach to Cloud Security appeared first on AiThority.

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams https://aithority.com/it-and-devops/cloud/tessian-launches-advanced-email-threat-response-capabilities-for-security-teams/ Wed, 26 Apr 2023 13:03:45 +0000 https://aithority.com/?p=513181 Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Tessian Launches Advanced Email Threat Response Capabilities for Security Teams

Tessian, a leading Integrated Cloud Email Security company, announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions.

Security teams today face a backlog of end-user-reported email threats and attacks missed by traditional controls, and they spend too much time investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user-reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform.

Hundreds of world-leading organizations trust the Tessian Cloud Email Security Platform, which offers the industry’s most complete set of capabilities required for cloud email security (Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach) in a simple-to-deploy model.

“At Tessian, we are focused on helping our customers eliminate email based threats,” said Allen Lieberman, Chief Product Officer of Tessian. “As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations.”

“Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis,” said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. “Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and PowerShell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks.”

The post Tessian Launches Advanced Email Threat Response Capabilities for Security Teams appeared first on AiThority.
