Uptycs' Ransomware Detection Gains Recognition in MITRE Engenuity ATT&CK Evaluation

Uptycs | April 04, 2022

Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint security from a single platform, announced its results in round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation. This round of impartial ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider created the well-known Ryuk ransomware family, while Sandworm, a Russian military cyber unit, carried out the 2017 NotPetya attacks.

"Ransomware is a growing scourge for all types of organizations, and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time. Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams to detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place,"

Ganesh Pai, Co-founder and CEO at Uptycs.

The MITRE Engenuity team chose to emulate two threat groups that use the Data Encrypted for Impact (T1486) technique. Wizard Spider has used data encryption for ransomware, such as the well-known Ryuk malware (S0446). Sandworm, on the other hand, used encryption to destroy data, perhaps most notably with its NotPetya ransomware (S0368). While this year's evaluations share the common theme of "Data Encrypted for Impact," both groups have extensive reporting on a broad spectrum of post-exploitation tradecraft.

The new advanced detection capabilities used by Uptycs are:

  • Ransomware Detection
  • Process Code Injection/DLL Injection and Process Hollowing
  • Master Boot Record (MBR) Overwrite
  • Lsass.exe Memory Credential Dumping



Related News


Leading Cloud Services Provider CloudIBN Expands Expertise with Microsoft Solutions Partner Competencies for Infrastructure - Azure & Modern Work

CloudIBN | November 25, 2022

CloudIBN, the leading cloud services provider, is now one of the first partners to achieve the new Microsoft Solutions Partner Competencies for Infrastructure - Azure & Modern Work. CloudIBN has demonstrated technological expertise in delivering secure, scalable, high-performance cloud services and solutions for customers across a range of industries and applications. As a Microsoft Solutions Partner, CloudIBN is committed to leveraging the innovations and expertise of the partnership with Microsoft in order to provide tailored solutions for each customer. With these new competencies - Microsoft Solutions Partner for Infrastructure (Azure) and Microsoft Solutions Partner for Modern Work - IBN demonstrates its commitment to developing cutting-edge cloud solutions on the Azure platform and modern work best practices.

"We are focused on SMBs as well as large enterprises that are in need of any service starting from cloud migration to cloud led digital transformation. Heavily focused on Microsoft Azure, we are also open to offering hybrid cloud solutions and multi cloud services with our expanding AWS capabilities and portfolio,"

Ajay Mehta, the founder and CEO of CloudIBN and IBN Technologies.

With more than 22 years of experience, CloudIBN is trusted by many global enterprises to deliver efficient cloud services. Innovative cloud services and platforms by CloudIBN, like Managed Cloud Security, Migration, Managed Services, and Infrastructure as Code to deliver cloud-native and legacy applications, have helped companies meet business objectives via a robust, secure, and affordable cloud environment. These services allow companies to scale their business operations quickly and efficiently while keeping costs down. With a team of experienced, expert, and adaptive professionals, led by Founder Mr. Ajay Mehta, CloudIBN is uniquely positioned to help businesses take advantage of today's most cutting-edge technology solutions.

With CloudIBN, the leading cloud services provider, in partnership with Microsoft, SMBs and enterprises can look forward to services like:

  • Infrastructure Assessment and Azure Cloud Adoption: This service will help organizations to identify areas of improvement, develop a roadmap towards optimization, and migrate their existing workloads and applications onto cloud infrastructure, allowing them to take advantage of scalability, reliability, and cost-effectiveness that only the cloud can offer.
  • 24*7 Azure Managed Services: Expert managed services will assist organisations to achieve high availability, hyper agility, zero disruption, advanced security and compliance, and continuous optimization across the business application ecosystem.
  • Azure Managed Cloud Security - IAM, SIEM, SOAR, AD: Security services include auditing existing systems, developing custom security policies and procedures, monitoring virtual resources for threats with tools like Sentinel, providing access control solutions with tools like Active Directory, performing penetration tests, as well as managing compliance with industry standards such as PCI DSS or HIPAA.
  • Azure Backup and Disaster Service: Provides businesses with a comprehensive solution to protect data in the event of an outage or disaster.
  • Azure Optimisation and Well Architected Framework: Cloud IBN FinOps Service for Azure will help customers to reduce their cloud consumption costs by providing an effective governance process. This will include identifying and monitoring wasteful spending, as well as providing recommendations on how to optimize costs. In addition, the service will provide support for Azure billing and invoicing.
  • Azure Application Modernisation: This service helps organisations optimise cloud by modernising applications and data to fit a consumption-based cloud model.
  • Azure DevOps: Certified DevOps engineers help customers to ship superior-quality software faster through streamlined processes, new technologies, and automated pipelines.
  • Microsoft 365 - Consulting and Migration Services: Flexible solutions tailored to each customer's unique needs, enabling businesses to leverage the power of Microsoft 365 for better collaboration, communication, and productivity.

With organizations needing to do away with legacy technologies, it is very important that business owners and top management groups at enterprise level start looking to invest in the future, while focusing on their core business strengths. CloudIBN, as a leading cloud services provider, helps clients at this stage with its professional and value-added services, with a focus on cost-effective engagement, quality solutions and timely deliverables. The CloudIBN team comprises certified and expert cloud architects and engineers for infrastructure, security and automation services who are proactive in their support and managed services. This team provides the best possible experience for customers.

"With quality and security assurance of ISO 9001:2015, 27001:2013, dedicated quality policy, an experienced, certified and qualified team of cloud experts, and an established 24*7, 365 days Dedicated Support process, CloudIBN is always ready to help clients grow as per their needs," said Mr. Mehta.

About CloudIBN: CloudIBN is a Microsoft Azure and AWS Partner and cloud services provider trusted by many global enterprises to deliver efficient cloud services. Headquartered in India with offices in the US, UK, and Singapore, CloudIBN serves clients internationally and 24*7. The team drives cloud transformation for businesses, globally. If you're looking to adopt or migrate to the cloud, CloudIBN is your go-to partner.



Netskope Unveils Cloud Exchange as a Managed Service to Enhance IT and Security Operations with Automated Cloud Intelligence

Netskope | December 15, 2022

Netskope, a leader in secure access service edge (SASE), today announced that its innovative Cloud Exchange security and telemetry sharing solution is now available as a managed service, offering organizations more ways to provision, deploy, and manage the platform. With this release, companies can leverage seamless access to Netskope telemetry, external threat intelligence, and risk score sharing across existing security investments to stop cloud threats sooner. The company also announced a significant expansion of the solution's Cloud Risk Exchange (CRE) module with the ability to share application risk scores and insights with key technology partners BitSight, SecurityScorecard, and ServiceNow, helping organizations obtain better visibility of the risks associated with their ecosystem of managed and unmanaged applications.

Improving the overall effectiveness and security posture of infrastructure in the cloud is critical for every organization. According to Foundry's Cloud Computing Study 2022, nearly 70% of organizations have accelerated their cloud migration over the past year, and the proportion of organizations having most or all of their IT infrastructure in the cloud is expected to increase from 41% today to 63% in the next 18 months. The byproduct of that migration is a growing attack surface in the cloud that needs efficient risk mitigation supported by skilled personnel, a challenge many organizations continue to grapple with amid a global cyber talent shortage.

With Netskope's new Cloud Exchange as a managed service offering, organizations can immediately leverage Cloud Exchange without having to dedicate staff to provision, deploy, and manage the platform. Security teams can then put intelligence and risk scoring into better context and experience faster time to incident resolution.

"As we continue to see a massive reliance on running more of their business in the cloud, organizations are seeking an easier pathway to ensure more efficiency while improving overall security posture. Cloud Exchange as a managed service fills a significant need for resource-strapped organizations and puts them in a position to expeditiously operationalize Netskope's valuable cloud intelligence across their security stack."

Andy Horwitz, Vice President of Business Development, Netskope.

To further benefit customers, Netskope is deepening its partnerships and integrations, and expanding Cloud Exchange's CRE module to include application risk plugins from BitSight, SecurityScorecard, and ServiceNow to improve security risk understanding. The CRE module enables the exchange and normalization of risk scores between security solutions, enables adaptive policy controls to support zero trust principles, and can automatically trigger investigations using Cloud Ticket Orchestration (CTO) service tickets. With today's expansions, CRE now evaluates security posture and application risk by comparing risk scores from different security applications and uses internal and external telemetry to gain insights into application risk using a unique Netskope Cloud Confidence Index (CCI).

"BitSight is excited to partner with Netskope to empower organizations to minimize risks associated with external parties in its ecosystem or supply chain," said Anders Norremo, Vice President of Product, Third Party Risk Management, BitSight. "We enable customers to assess and continuously monitor risks throughout the vendor lifecycle, which ensures they meet organizational policy and risk tolerance requirements while improving overall security posture."

"As the use of third-party vendors grows exponentially, organizations struggle to understand, manage, and minimize the risks associated with third party ecosystems. The SecurityScorecard and Netskope partnership, including our additional integration with Cloud Threat Exchange (CTE), helps customers overcome these challenges by giving real-time visibility into valuable risk scores about their vendor ecosystems," said Alexander Rich, Vice President of Strategic Alliances at SecurityScorecard.

"In most cases, customers alone don't have access to the same information Netskope and its partners can provide in aggregate regarding the applications within their third party ecosystem," said James Robinson, Deputy CISO, Netskope. "Netskope's added provision of application risk scores, combined with the previously established assessment of user and device risks, offers an unmatched understanding of third-party cyber security risks. Netskope's added capabilities and new partnerships prove its commitment to expanding the functionality and value of the Netskope Platform to meet the growing market demand."

Cloud Exchange is available via Netskope, GitHub, and the AWS Marketplace, and Cloud Exchange as a managed service is immediately available via Netskope channel partners and in the AWS Marketplace.

About Netskope

Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.



Penguin Solutions Launches New Cloud-Native HPC/AI Control Plane and Announces Partnership with Google Cloud

Penguin Solutions | November 16, 2022

Penguin Solutions, an SGH brand that provides HPC, AI, and IoT technologies for edge, core, and cloud, today launched the Scyld Cloud Central™ control plane, a new cloud-native HPC/AI offering, and announced its partnership with Google Cloud. This new unified solution for on-premises and cloud-based HPC/AI clusters will provide customers with simplified cluster deployment, streamlined user experience, and powerful cost management options.

The Scyld Cloud Central control plane is cloud-native software designed to integrate on-premises and cloud-based resources to create flexible HPC and AI environments. The platform, utilizing software from Parallel Works, will support traditional shared cluster models controlled by job schedulers and will also enable the creation of user-specific virtual clusters in the cloud, where each user group has access to a custom-configured environment designed for their specific requirements. The control plane supports the creation of point-and-click workflows that simplify HPC and AI job execution for data scientists and researchers, and lighten the support load for busy system administrators. To further accelerate deployment, the Scyld Cloud Central control plane comes pre-integrated with many of the most popular tools and applications for analysis and simulation.

“Many organizations want to leverage HPC-style processing for both HPC and AI workloads, but getting things running in the cloud is unfamiliar and complex when configuring a myriad of compute, storage, and network options,” said Mark Seamans, vice president, cloud solutions and services at Penguin Solutions. “With decades of experience in HPC, Penguin is uniquely positioned to simplify, guide, and assist customers through the complexity of creating customized and cost-optimized solutions.” Seamans added, “We are excited to work with Parallel Works to create advanced customer-specific solutions that utilize Parallel Works’ foundational technology and Penguin’s significant HPC/AI domain knowledge.”

To further accelerate system delivery timelines, Penguin provides professional services to collaborate with both user/research teams and system administrators on implementation, training, and ongoing management. This dual benefit enables data scientists and researchers to spend more time using HPC, and busy system admins to spend less time tuning and supporting HPC.

Users of Penguin’s new Scyld Cloud Central control plane that also leverage Google Cloud can expect to gain the following benefits:

  • Rapid deployment of HPC/AI environments to accelerate time to results
  • Access to Penguin services to guide the implementation and to support end users
  • Ability to start small and scale elastically using a “pay-as-you-go” model, and also to integrate with existing HPC clusters that may already be in use
  • On-demand access to the latest processors and GPU technology to meet the needs of specific workloads
  • Point-and-click integration with dozens of the most common HPC and AI applications, tools and libraries

“Through our partnership with Google Cloud, we are now able to offer a solution that meets the needs of both customers who are new to HPC and AI, and also experienced teams that are looking to expand their on-premises environments to the cloud,” said Thierry Pellegrino, president of Penguin Solutions. “This latest solution will combine a suite of advanced cloud-native tools with our portfolio of HPC-specific professional services, enabling us to accelerate, and reduce complexity. Customers will be able to focus on harnessing the power of HPC and AI to drive their business, and not be distracted by integration hurdles and tuning details that can impact system performance and user productivity.”

“Many organizations want to extend the power of their on-premises HPC environments with the flexibility and new capabilities of cloud. We’re thrilled to partner with Penguin Solutions to bring the best of on-premises and Google Cloud HPC environments to both existing and new users of HPC.”

Bill Magro, chief technologist for HPC at Google Cloud.

Visit our website or see us at booth #2400 at SC22 in Dallas this week to learn more about Penguin’s new cloud-native HPC/AI control plane.

Penguin Solutions, Penguin Computing, Scyld Cloud Central, and Scyld ClusterWare are trademarks or registered trademarks of Penguin Computing, Inc. All other trademarks and registered trademarks are the property of their respective owners.

About Penguin Solutions

The Penguin Solutions™ portfolio, which includes Penguin Computing™ and Penguin Edge™, accelerates customers’ digital transformation with the power of emerging technologies in HPC, AI, and IoT with solutions and services that span the continuum of edge, core, and cloud. By designing highly-advanced infrastructure, machines, and networked systems we enable the world’s most innovative enterprises and government institutions to build the autonomous future, drive discovery and amplify human potential. Penguin Solutions is an SGH Brand.
