CLOUD COMPLIANCE AND AUDIT

Uptycs' Ransomware Detection Gains Recognition in MITRE Engenuity ATT&CK Evaluation

Uptycs | April 04, 2022

Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint security from a single platform, has released its results from round 4 of the MITRE Engenuity ATT&CK Enterprise Evaluation. This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the Wizard Spider and Sandworm threat groups. Wizard Spider created the well-known Ryuk ransomware family, while Sandworm, a Russian military cyber unit, carried out the 2017 NotPetya attacks.

"Ransomware is a growing scourge for all types of organizations and the focus of these MITRE Engenuity ATT&CK Evaluations could not come at a more appropriate time. Security teams can use these evaluation results to identify gaps in their detection coverage. Our strong performance in both the Windows and Linux portions of the evaluation demonstrates how Uptycs helps these security teams to detect even advanced ransomware actors, in addition to the hardening needed to minimize the risk of ransomware in the first place,"

Ganesh Pai, Co-founder and CEO at Uptycs.

The MITRE Engenuity team chose to emulate two threat groups that use the Data Encrypted for Impact (T1486) technique. Wizard Spider has used data encryption for ransomware, most notably with the well-known Ryuk malware (S0446). Sandworm, on the other hand, used encryption to destroy data, most notably with its NotPetya ransomware (S0368). While this year's evaluations share the common theme of "Data Encrypted for Impact," both groups have extensive reporting on a broad spectrum of post-exploitation tradecraft.

The new advanced detection capabilities Uptycs used in this evaluation are:

  • Ransomware Detection
  • Process Code Injection/DLL Injection and Process Hollowing
  • Master Boot Record (MBR) Overwrite
  • Lsass.exe Memory Credential Dumping

Spotlight

In a recent Forbes Market Insight survey, 92 percent of companies polled indicated that by making sufficient use of their big data, they were able to meet or exceed their goals. But how accurate is that big data? Big data is complex, and highly prone to widespread quality problems. Big data’s “Three Vs” – volume, variety, and velocity – must make room for a “Fourth V”: Veracity. Delivering that most elusive characteristic begins by ensuring that big data has the highest possible integrity. The best way to do that is to clean data where it lives – as transactions flow into systems, as the user clicks “OK” on a website, or as an RSS feed indicates that a new blog post is live. Information Builders provides comprehensive data quality management, including master data management and data governance. With Information Builders, organizations can optimize the quality of big data before it spreads into other parts of the enterprise. The result is better operational processes, better business intelligence, and better correlated and managed big data analytics.

Related News

CLOUD SECURITY

New Spectro Cloud Palette Edge Platform Brings World-Class Security and Operational Efficiencies to Kubernetes at the Edge

Spectro Cloud | September 30, 2022

Spectro Cloud, a leader in modern Kubernetes (K8s) management software, today announced a major new release of its Palette Edge platform. Kubernetes at the edge has spurred the interest of businesses around the world as they seek to enhance competitiveness and agility. To date, however, K8s at the edge has failed to realize its true potential. Why? A study by Dimensional Research found 72% of Kubernetes users effectively said: “It’s too challenging to deploy and manage Kubernetes on edge devices.”

The Palette Edge platform, first launched in March 2022, which earned Spectro Cloud recognition as a 2022 Gartner Cool Vendor in Edge Computing, solves this problem, enabling organizations to re-define how cost-efficiently they can deploy and manage edge K8s clusters at scale, including at locations with small form factor devices, no on-site IT skills and marginal connectivity. Palette Edge delivers remote troubleshooting, zero-downtime rolling upgrades and patch management, even in single-server edge deployments, due to its unique A/B OS partition, multi-node failsafe design and support for both ARM and x86 architectures, including Intel’s Trusted Platform Module (TPM).

Palette Edge derives its functionality from Spectro Cloud’s core Palette platform, which enables organizations to consistently manage K8s clusters across their full lifecycle, across public clouds, virtualized or bare metal data centers, as well as edge locations. Through a unique extension of the Cloud Native Computing Foundation’s (CNCF) Cluster API, Palette enables IT teams to model their full Kubernetes stacks from the OS to the application in a true declarative model, creating project-curated, reusable Cluster Profiles while providing a choice of operating systems, K8s distributions and tools from the broad K8s ecosystem. Palette is architected to scale, delivering centralized and automated management combined with decentralized orchestration and policy enforcement, together enabling a virtually infinite scale from a few to tens of thousands of clusters.

Extending this core Palette foundation, Palette Edge today adds unique security, visibility and usability capabilities, setting a new industry standard for deploying and centrally managing edge K8s at scale, dramatically lowering total cost of ownership and risk for organizations of any size expanding to the edge. Palette Edge is purpose-built to support key industry use cases including Internet of Things device management and orchestration, data ingestion, streaming, analytics and AI inference.

“For us, edge is an enabler to help clinicians deliver better patient outcomes by deploying technology closer to the user,” said Vignesh Shetty, SVP & GM Edison AI and Platform at GE Healthcare Digital. “The need for a secure, cost-effective approach to manage Kubernetes at the edge at scale is more relevant than ever before.”

The new Palette Edge delivers on the key priorities for edge K8s users with:

  • Tamperproof security for Kubernetes at the edge: Spectro Cloud research found that security is the #1 concern when adopting edge Kubernetes. Edge Kubernetes devices deployed in remote, unmonitored locations are particularly vulnerable to deliberate tampering and unintentional configuration drift, where their operating system, distribution and other software elements move out of compliance through ad hoc configuration changes. Palette Edge now enables operations teams to build highly secure configurations for edge devices, including their preferred Kubernetes distribution and the underlying OS, which once deployed become immutable, read-only and unmodifiable by the application user, just like the firmware on a smartphone. The now-immutable stack also enables zero-downtime rolling upgrades, due to a failsafe deployment design.
  • Palette eXtended Kubernetes Edge (PXK-E): This new edge-optimized version of Spectro Cloud’s CNCF-upstream Kubernetes distribution is available now to all Palette customers. PXK-E incorporates Palette’s new immutability capability, along with NIST-800 security hardening. It is certified for more than 50 open source and commercial cloud native integrations and provides high availability and zero-downtime rolling upgrades even in single-server configurations. With Palette Edge, businesses can choose the PXK-E distribution or Palette-optimized versions of any other K8s distribution, verified and supported by Spectro Cloud.
  • A powerful NOC-like dashboard: Now organizations scaling to thousands or tens of thousands of edge devices have the power to manage their fleet more easily and with greater control than ever before. Palette Edge’s Network Operations Center-like (NOC) dashboard provides a highly intuitive user experience with live status for key events, plus advanced capabilities to filter, tag and drill down to clusters by location, status or other attribute. Importantly, operators can define powerful workflows for managing clusters, with almost infinite possibilities: for example, they can phase deployments of cluster updates by location for canary testing, or schedule patching to follow the sun.
  • Ultra-simple edge device onboarding: In edge Kubernetes projects, organizations can find the act of deploying new devices in remote locations incredibly problematic; often, costly field engineering truck rolls are needed. Palette Edge makes it easy for non-specialist staff to quickly power up and onboard a new device into a managed cluster, using a variety of methods, such as through Palette Edge’s user interface, leveraging its open API, the Spectro Cloud Terraform provider, or by simply scanning a QR code on the edge device itself.

The features delivered in this new Palette Edge release reflect real customer requirements of K8s at the edge. To address them and also contribute to the broader cloud native community, Spectro Cloud is now leading a unique open source project which delivers failsafe immutability at the edge: Kairos. Version 1.0 of Kairos is now generally available with extended community support, and is free to download and use. For more information, visit www.kairos.io. This is another example demonstrating Spectro Cloud’s continued commitment to foster innovation as a member of the CNCF and Linux Foundation, contributing to major Kubernetes ecosystem projects such as Cluster API and the Cluster API Provider for Canonical MAAS.

These major new features are available today in Spectro Cloud’s Palette Edge edition and further position Palette as the first choice for organizations running Kubernetes at the edge at scale, enabling them to bring modern applications and data close to their end-users. Customers of Palette Edge are already realizing significant benefits by avoiding otherwise necessary field engineering visits at edge locations, which can result in up to 90% reduction in operational costs.

“A key use case for 5G Edge compute is mission critical, ultra-low latency workloads. That means cyber-security is a foundational principle for Edge and not an afterthought. Spectro Cloud is delivering a customer solution for deploying modern apps to the Edge that can integrate readily into end-to-end Zero Trust architectures,” said Dr. Ken Urquhart, Global Vice-President, 5G at Zscaler.

“This brand new set of capabilities is making edge K8s locations as easy as a cloud for our customers. With a platform that can scale to tens of thousands of edge locations, requirements like security, resiliency and ease-of-use can be game changers, and this has been our focus in the latest release. At Spectro Cloud we are committed champions of the innovation coming out of the open source community, and we couldn’t be more excited to collaborate with some of the most interesting projects to deliver some of those new capabilities.”

Spectro Cloud co-founder and CEO Tenry Fu

About Spectro Cloud

Spectro Cloud uniquely enables organizations to deploy and manage Kubernetes in production, at scale. Its Palette enterprise Kubernetes management platform gives IT Operations and DevOps engineering teams effortless control of the full Kubernetes lifecycle even across multiple clouds, data centers, bare metal and edge environments. Ops teams are empowered to support their developers with curated Kubernetes stacks and tools based on their specific needs, with granular governance and enterprise-grade security.

CLOUD APP DEVELOPMENT

Snyk Unveils Snyk Cloud, the Industry's First Developer-Centric Cloud Security Solution

Snyk | July 27, 2022

Snyk, the leader in developer security, today unveiled Snyk Cloud, announcing the launch of the industry's first comprehensive Cloud Security Solution designed by and for developers. This latest development was made possible by the acquisition of Fugue earlier this year. Thoughtfully designed with global DevSecOps teams in mind, Snyk’s Cloud Security solution unites and extends existing products Snyk Infrastructure as Code and Snyk Container with Fugue’s leading cloud security posture management (CSPM) capabilities. These elements are now powerfully combined to realize a fully featured cloud security solution that allows today’s modern developers to continue their rapid pace of innovation securely.

The Snyk Cloud product extends the company’s existing Developer Security Platform in a significant way, allowing more companies to embrace DevSecOps and spark further effective collaboration between their developer, operations, security and compliance teams. Instead of grappling to patch together multiple, incompatible cloud and application security solutions, ultimately leading to a fragmented view of application security in the cloud, global developers now have the ability to take full ownership of their infrastructure. At the same time, their security counterparts can define and operate a consistent cloud security posture across the entire software development lifecycle (SDLC). With the digital era’s ever rising need for innovation speed, siloed application and cloud security tools that focus on detecting issues after deployment are too slow and risky, creating growing tension between developer and security teams.

With the addition of Snyk Cloud, Snyk customers will now be the first to benefit from a unified platform and policy engine that equips them to create secure deployments via an unmatched feedback loop – from code to cloud and back to code – securing their cloud before deployment and maintaining its secure integrity while running, as well as then assessing and prioritizing the precise places to provide fixes back in the code. In fact, over the past year, Snyk customers have reported that they improve their security risk posture by more than 60% by reducing the time it takes to find and fix vulnerabilities.

“Snyk’s developer-first approach disrupted the application security industry and we’re now aiming to apply many of those lessons learned to the fastest growing segment of cybersecurity today: cloud security. Predicted to be worth $77.5 billion by 2026, this is an area ripe for change. Today’s news represents another important milestone for the developer security movement, and we look forward to the industry’s response to our vision of uniting AppSec and CloudSec teams to secure today’s apps more efficiently.”

Peter McKay, CEO, Snyk

“Our global customers have witnessed firsthand how previous cybersecurity tenets have evolved profoundly, with cloud infrastructure now changing just as fast as the apps themselves. They’re eager for one comprehensive solution that provides a truly complete cloud picture, driving DevSecOps by enhancing developer productivity securely,” said Adi Sharabani, CTO, Snyk. “We’re incredibly proud to reveal this industry gamechanger, Snyk Cloud, the first developer security product designed for the cloud era in order to address every important stage of a modern app’s life today from development through to production.”

Now Powered by Snyk: The Cloud Security Podcast

In timing with AWS re:Inforce, Snyk has introduced two exciting new cloud security hires, Ashish Rajan and Shilpi Bhattacharjee, founders of the Cloud Security Podcast, which is now officially powered by Snyk. In their new roles, Ashish will be Snyk’s first Cloud Security Advocate, while Shilpi will continue to serve as Lead Program Manager for the Cloud Security Podcast. As with the Secure Developer Podcast and DevSecCon, Snyk is committed to continuing to build these global communities that foster education, thought leadership and promote secure development. Please visit here to read more about what’s ahead for Ashish, Shilpi and the incredible cloud security community that they have fostered over the last several years.

Snyk is a Diamond sponsor at AWS re:Inforce, a learning conference focused on security, compliance, identity and privacy taking place in Boston, July 26-27, 2022. Snyk Cloud is currently available on a limited basis with general availability planned in the Fall 2022. To see Snyk Cloud in action, visit the company’s booth (#408) or sign up for a demo here.

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 2,000+ customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut and Salesforce.

CLOUD SECURITY

Dynatrace Extends Cloud Security to Provide Vulnerability Analysis Across All Layers of the Application Stack

Dynatrace | August 12, 2022

Software Intelligence company Dynatrace announced today it has extended its Application Security Module to detect and protect against vulnerabilities in runtime environments, including the Java Virtual Machine (JVM), Node.js runtime, and .NET CLR. In addition, Dynatrace has extended its support to applications running in Go, one of the fastest-growing programming languages, with adoption increasing by 23 percent last year. With these enhancements, the Dynatrace® platform becomes the only solution providing real-time visibility and vulnerability analytics across the entire application stack, which includes custom code, open-source and third-party libraries, language runtimes, container runtimes, and container orchestrators. Dynatrace not only identifies vulnerabilities across each of these layers automatically but also analyzes them to provide actionable and precise answers out-of-the-box. This empowers development and security teams to assess risk better, prioritize and remediate threats more effectively, and innovate faster and with increased security.

“We have a proud heritage as a cloud-native business that harnesses agile delivery practices, the latest technology, and a state-of-the-art, secure development lifecycle to bring continuous innovation to our customers. Dynatrace Application Security helps to make this possible by giving us comprehensive visibility and analytics across all layers of our complex application ecosystem, ensuring no vulnerability escapes our secure DevOps lifecycle. In addition, it helps us instantly understand the risk and potential impact of zero-day vulnerabilities, such as Log4Shell, and automatically prioritizes the steps required to resolve them. This saves our teams from wasting weeks triaging alerts and enables them to resolve new vulnerabilities in just days or less, so they can stay focused on innovating.”

Luca Domenella, Head of Cloud Operations and DevOps at Soldo

Language runtimes are a critical layer of the application stack as they ensure apps are available and well-executed on any platform without having to be rewritten or recompiled. By extending its Application Security Module to support runtimes in the most widely adopted programming languages, Dynatrace delivers the industry’s most comprehensive application vulnerability analysis, spanning all potential entry points in pre-production and production environments.

“The number of entry points attackers use to target applications continues to expand. Vulnerabilities can creep into applications from any part of the software supply chain, including open-source or third-party components and application runtimes,” said Steve Tack, SVP of Product Management at Dynatrace. “Traditional approaches can’t accurately surface vulnerabilities at runtime or analyze their potential exploitability and impact. Dynatrace is the only solution that provides runtime vulnerability analysis across the entire application stack and AI-assisted prioritization for the most popular cloud-native application technologies, now including Golang. With these capabilities, DevSecOps teams can focus on remediating the most impactful vulnerabilities. This helps them innovate faster, with the confidence that all layers of their applications are vulnerability-free.”

About Dynatrace

Dynatrace exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at an enormous scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That’s why the world’s largest organizations trust the Dynatrace® platform to accelerate digital transformation.
