3 Layers Technologies have Partnered with CYBOWALL to Provide Their Clients AI-based Threat Detection to Combat Emerging Cyber-Attacks
Cyber-attacks and information security vulnerabilities have become one of the major threats facing organizations. On its website, the Philippine National Police (PNP) Anti-Cybercrime Group reported 869 online scam cases from March to September 2020, 37 percent higher than the 633 cases recorded in the same period of 2019.
The start-up company, CYBOWALL, is one of the few companies to utilize Artificial Intelligence (AI) in the fight against cyber-crime. Their unique technology autonomously learns new attack patterns, proactively prevents cyber breaches and optimizes overall SOC handling ROI.
Using its “Attack Hunter” engine, CYBOWALL analyzes massive amounts of data and allows ongoing monitoring of customers’ existing systems and software, so that potential cyber-attacks are detected in time and their risks and impacts reduced.
As of early 2021, 3 Layers Technologies, a value-add service provider focusing on Network Security, Optimization, and Cybersecurity, started marketing and reselling CYBOWALL to clients in the Philippines region.
Ziv Simhon, VP Business Development & Sales at CYBOWALL, said: “We see the collaboration with 3 Layers Technologies as a vital asset in our partnership ecosystem. It serves as an entry point into the Philippines and as a stepping stone for CYBOWALL to enter the South Asian market. We are certain that using 3 Layers Technologies’ expertise will enable security and IT teams in the Philippines marketplace to enhance cyber-attack detection with our unique CYBOWALL product, accompanied by our powerful Autonomous Machine Learning & Multi-Step Attack Hunting Engine (known as the Attack Hunter).”
Reggie Waje, Chief Technology Officer of 3 Layers Technologies, said: “We see CYBOWALL as a great fit to our current offering. It is perfectly aligned with our solutions and completes the story of our cybersecurity offering: identify, protect, detect, respond, recover and continuous monitoring. Above all, we value the platform’s ability to manage many security engines from one dashboard and believe it can be a game-changer in the Philippine market, especially in the SMB/SME sector.”
CYBOWALL is a non-intrusive, agentless solution that continuously monitors your network across all protocols and extends to all endpoints. It combines multiple cybersecurity tools and capabilities in one solution to monitor and protect IT networks in real-time, detecting and reacting to threats as they arise, providing a unified defense platform against a continuously evolving threat landscape.
About 3 Layers Technologies
3 Layers Technologies is a preeminent value-add distribution company in the Philippines focusing on Network Security, Optimization and Cybersecurity, which is its core strength. They offer advanced cybersecurity solutions that are not yet known, or have no presence, in the Philippines.
Utilizing SOC Automation to Enhance Threat Detection
Cybercrime has gradually evolved into a thriving industry and is expected to inflict over $5 trillion worth of damages annually by 2021, making the prevention and detection of cyber vulnerabilities paramount. Persistent efforts by enterprises to combat and mitigate the risks arising from cyberattacks have led to the convergence of AI (Artificial Intelligence) and ML (Machine Learning) across the cybersecurity landscape, triggering the onset of automation practices. Cybersecurity automation is being hailed as the next big step in information security, attributed especially to the cumbersome effort required to manage cybersecurity policies manually.
Reports from cybersecurity experts and industry research have consistently highlighted the shortage of skilled IT security personnel. In 2019, it was estimated that over 40% of organizations lacked the cybersecurity skills required to improve their security posture. Ironically, this is also one of the biggest challenges in implementing cybersecurity automation, with only 30% of organizations having an in-house team capable of using security automation.
ABOUT CYBERSECURITY AUTOMATION
Today, there are numerous cybersecurity products designed to automate processes. For instance, vulnerability management products such as anti-malware may be set up to scan for and automatically detect BYODs (bring your own device) on an organization’s system. These products identify cyber threats and eliminate identified defects based on the security protocols outlined by the organization. When discussing new best practices in automation, industry experts refer to technologies such as Robotic Process Automation (RPA). Security Operations Center (SOC) automation is the term used when a security operations center automates aspects of its cybersecurity defense such as detection, investigation, and response. One of the more common types of SOC automation is SOAR (Security Orchestration, Automation and Response).
SOC AUTOMATION – USE CASES
The goal of SOC automation is to augment the SOC team to speed up the time from detection to remediation. Most SOCs face a lack of manpower which makes it overwhelming, if not impossible, to handle the number of alerts the SOC sees each day. By automating aspects of the SOC, the SOC team can focus on complex threats and not waste time on benign alerts or known threats. Known threats can be quickly resolved by automating the response process.
Research has identified the following seven unique use cases for SOC automation.
1. Incident analysis
Various AI techniques are used to mine data on security incidents, parse them based on parameters, cluster them for commonalities and assign risk scores. The core role of SOC analysts is to monitor for threats, but historically, this has required tedious and repetitive triage for them. This could result in misidentified threats, inefficient use of highly skilled analysts, staff burnout and turnover. AI helps scale analysis efficiently by casting a wide net that continues to grow wider and wider.
2. Landscape analysis
AI is harnessed to defend widening topologies. Companies are digitizing more and more of their operations. This includes updating old and developing new internal, often hybrid, platforms and networks. As more employees use cloud apps and mobile devices for work, not to mention increasing IoT configurations, the enterprise security perimeter spans far beyond the organization’s traditional “four walls.” Extensive network and endpoint security resources are required to manage all communications, transactions, connections, applications, and policies. These resources are often disconnected, thus limiting visibility and details of the risk profile. AI can support, reach and scale across these heterogeneous topologies while correlating threats and assessing how one threat may impact another resource.
3. Incident detection
This SOC automation use case helps differentiate and prioritize different classes of threats and distributes notifications or prevention activities accordingly. This could take many forms, from automating ticket creation and adding pertinent remediation information to detecting the presence of malware before malicious files are opened. AI-powered incident detection is obviously crucial for preventing attacks as it reduces dwell time and accelerates time to repair, but it also enables preemptive and proactive measures.
4. Incident response
AI is used to preempt malicious attacks by automating containment actions; orchestration of software, devices or networks; or the deployment of other specific safeguards. Incorporating AI’s predictive capabilities helps complete the shift from reactive cybersecurity mitigation to a proactive cybersecurity strategy in an enterprise’s fight against hackers. The use of AI-powered incident response applications in organizations today remains incremental, but a proactive approach to the never-ending cybersecurity storm is critical for enterprise security.
5. Emergent threat mitigation
SOC automation is used to learn about novel threats by recognizing patterns or clusters and then providing feedback. Some companies are training machine learning algorithms to recognize attacks perpetrated by other machine learning algorithms, such as smart malware or artificial hackers and bots that personalize attacks tailored to specific victims.
These emerging, AI-based threat mitigation techniques will prove useful as attack tactics, such as malware, botnets, and ransomware, continue to mutate along with the pernicious ways AI is used to target and manipulate user and business vulnerabilities.
6. Gamification of security training
AI can also be used to simulate diverse types of attacks and make the education process more fun, engaging and competitive for security analysts. Microsoft’s Into the Breach exercise is one example in which the company divided SOC analysts into different teams. The teams were challenged to defend against AI-generated threats, which were developed based on data and techniques derived from real-world attacks.
While nascent, this SOC automation application has the potential to scale a culture of security far beyond the SOC. Not only will it make security training more accessible, personalized and fun, but it can also arm the front line of cybersecurity with essential awareness and security workflow best practices.
7. Human SOC analyst augmentation
This is the AI market’s parlance for how AI is used to optimize humans’ threat intelligence and mitigating actions. Although automated techniques are better at managing the volume of potential threat vectors, AI is not equipped for complex problem-solving. Human analysts remain the essential arbiters to develop controls, explain threat techniques and uncover attackers’ motives. Tests show that the highest performance and accuracy of machine learning are often achieved through a combination of human and AI intelligence. Thus, AI is unlikely to completely displace SOC analysts but rather supplement the team’s efforts and talents.
CYBOWALL / CYBOSOC – AN AUTOMATION-MANUAL HYBRID SOLUTION
CyboWall is a next-gen cybersecurity solution that utilizes Artificial Intelligence & Machine Learning to reduce the complexity of cybersecurity and provide an integrated platform with unified visibility and management.
CyboSOC is a cloud-based management application tailored to manage many CyboWall instances through one management dashboard console. CyboSOC has been created to allow MSP / MSSP organizations that service end customers using their own analysts to manage and monitor several CyboWall entities within one management application.
The CyboSOC management platform allows MSPs and MSSPs to connect to all CyboWall entities spread across end customers’ sites and multisite organizations, whether they are deployed on-premise (agentless) or operated through a cloud (agent-based).
CyboSOC main features:
- Remote monitoring and management over different end-customers’ entities which operate CyboWall under one management platform.
- Clear vision on ongoing breach attempts in every CyboWall (which is assigned to an end-user site).
- Remote analysis of ongoing alerts and events of every remotely monitored CyboWall, including visibility on Cyber-attacks over these entities.
- Centralized management of every CyboWall (end-user), with assignment of new tenants and billing and invoicing procedures.
To learn more and to book a demo click here.
Written by: Ziv Simhon, VP of Sales at CYBOWALL
Can AI Solve the Lack of Manpower & Expertise in Cybersecurity?
There are several reasons why organizations today lack in-house AI & cybersecurity expertise:
- Cybersecurity and AI professionals are in high demand, but not enough supply exists.
- According to research into the UK cyber security labour market carried out on behalf of the Department for Digital, Culture, Media and Sport (DCMS), approximately 680,000 businesses (50%) have a basic skills gap in cybersecurity.
- The responsibility for cybersecurity in small and medium-sized companies is usually placed on the IT Manager, who has limited time and resources to stay current with new and innovative technologies and releases.
The problem is made worse by the fact that it takes human analysts to comb through the security alerts and other “noise” to identify possible threats to the organization. This is not possible with a small IT team. Even when a company has a full complement of specialized cybersecurity teams, systems, and other resources, threats can still slip through.
The use of Artificial Intelligence (AI) and Machine Learning (ML) can significantly improve security by increasing the amount of data that can be analyzed – a particularly important aspect of threat detection. This would undoubtedly reduce the likelihood and impact of cyber events. AI and ML can uncover more security vulnerabilities and identify real threats faster than humans can. Despite this, due to a lack of well-trained AI/cybersecurity team members, the burden of cybersecurity threat detection often falls on unqualified and inexperienced IT staff, which subsequently increases an organization’s risk of becoming a target.
Consider the overwhelming volume of threat alerts that cybersecurity teams are exposed to each day, which can easily exceed 5,000. In this case, AI can feed these alerts through powerful threat models to assign severity profiles and present the higher-risk ones to busy security teams for quick investigation, rather than the others that are just “noise.” This drastically reduces the number of alerts that must be dealt with each day.
The use of artificial intelligence in cybersecurity tools like CYBOWALL becomes a win-win: Not only do they help find real threats, but they do it much faster than past methods. For instance, where human teams may have once required days (or even weeks) for exploration and understanding the nature of cyber threats in their network, these AI capabilities can complete the analysis in just a matter of seconds.
An effective threat detection solution must work across the entire organization – across all physical sites, remote users, data centers, and cloud environments. If security teams need an extensive stack of tools to do this, it adds extra effort and complexity, which means lost time and a greater risk of failing to properly detect, verify, and stop attacks.
CYBOWALL allows its users to automatically run no less than 8 security engines through a unified management platform that includes asset management protection, vulnerability assessment, intrusion detection, anomalies, malware hunter, honeypot, file integrity monitoring, and SIEM. These are orchestrated by a powerful AI Attack Hunter, an autonomous machine learning and multi-step attack hunting engine.
This innovative approach enables IT security teams to monitor larger volumes of suspicious behavior while reducing false positives, giving the teams a workload they can handle. The fact that the results from all these security engines are collated into one easily managed dashboard means that the IT security teams don’t have to toggle from one solution to the next, saving them precious time while increasing productivity.
So to answer the question of whether AI can solve the lack of manpower and expertise in cybersecurity, the answer is a resounding yes.
To learn more and to book a demo click here.
Written by: Ziv Simhon, VP of Sales at CYBOWALL
User & Entity Behavior Analytics (UEBA), Explained
User and Entity Behavior Analytics, or UEBA, uses large datasets to model typical and atypical behaviors of humans and machines within a network. This means that UEBA can detect non-malware-based attacks because it analyzes various behavioral patterns. UEBA also uses these models to assess the threat level, creating a risk score that can help guide the appropriate response. Increasingly, UEBA uses machine learning to identify normal behavior and alert on anomalies and risky deviations that suggest insider threats, lateral movement, compromised accounts, and attacks.
Baselining is key to a UEBA system, as it makes it possible to detect potential threats. The UEBA system compares the established baseline with current user behavior, calculates a risk score, and determines if deviations are acceptable. If the risk score exceeds a certain threshold, the system alerts security analysts in real-time. By defining such baselines, UEBA can identify suspicious behavior, potential threats, and attacks that traditional antivirus may not detect.
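The baselining loop described above, as an added illustration that is not CYBOWALL’s code: it builds a per-user baseline (mean and standard deviation of three behavioural features) from a constructed history, scores a new event as a weighted sum of z-scores against that user’s own baseline, and alerts when the score crosses a threshold. The feature names, weights, standard-deviation floor and threshold are assumptions chosen for the example, and the history records are constructed, not real logs.

```python
"""Minimal UEBA-style baselining: per-user profile, risk score, threshold alert."""
import statistics
from collections import defaultdict

# Constructed training window (not real data): one record per user per day.
# Fields: user, typical login hour, MB uploaded, distinct hosts contacted.
HISTORY = [
    ("alice", 9, 120, 4), ("alice", 10, 150, 5), ("alice", 9, 110, 4),
    ("alice", 8, 130, 5), ("alice", 10, 140, 4), ("alice", 9, 125, 5),
    ("bob", 22, 900, 12), ("bob", 23, 850, 11), ("bob", 22, 950, 13),
    ("bob", 21, 880, 12), ("bob", 23, 920, 12), ("bob", 22, 870, 11),
]

FEATURES = ("login_hour", "mb_out", "hosts")
WEIGHTS = {"login_hour": 1.0, "mb_out": 1.5, "hosts": 1.5}   # assumed weights
STDEV_FLOOR = 1.0        # assumed: stops a very regular history from exploding z-scores
ALERT_THRESHOLD = 5.0    # assumed risk-score threshold for raising an alert


def build_baselines(history):
    """Return {user: {feature: (mean, stdev)}} learned from the training window."""
    per_user = defaultdict(lambda: defaultdict(list))
    for user, hour, mb, hosts in history:
        per_user[user]["login_hour"].append(hour)
        per_user[user]["mb_out"].append(mb)
        per_user[user]["hosts"].append(hosts)
    baselines = {}
    for user, feats in per_user.items():
        baselines[user] = {}
        for name, values in feats.items():
            mean = statistics.fmean(values)
            stdev = max(statistics.pstdev(values), STDEV_FLOOR)
            baselines[user][name] = (mean, stdev)
    return baselines


def risk_score(baseline, event):
    """Weighted sum of z-scores against one user's baseline.

    Login hour is scored on absolute deviation (earlier or later is odd);
    volume features only count upward deviations, since sending less data
    or touching fewer hosts than usual is not a sign of compromise.
    """
    score = 0.0
    contributions = {}
    for name in FEATURES:
        mean, stdev = baseline[name]
        z = (event[name] - mean) / stdev
        z = abs(z) if name == "login_hour" else max(z, 0.0)
        contributions[name] = round(z * WEIGHTS[name], 2)
        score += contributions[name]
    return round(score, 2), contributions


def evaluate(baselines, user, event):
    """Return (score, alert, contributions) for one event.

    A user with no baseline yet cannot be scored; the event is flagged so an
    analyst can confirm the identity is expected before it is profiled.
    """
    baseline = baselines.get(user)
    if baseline is None:
        return None, True, {}
    score, contributions = risk_score(baseline, event)
    return score, score >= ALERT_THRESHOLD, contributions


if __name__ == "__main__":
    profiles = build_baselines(HISTORY)
    # The same night-time, high-volume event is normal for bob and anomalous for alice.
    night_event = {"login_hour": 22, "mb_out": 900, "hosts": 12}
    for who in ("bob", "alice"):
        score, alert, parts = evaluate(profiles, who, night_event)
        print(f"{who}: score={score} alert={alert} breakdown={parts}")
```

The breakdown dictionary is what an analyst wants next to the alert: it shows which feature drove the score, so a flag caused purely by an unusual login hour can be triaged differently from one driven by outbound volume.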
The 3 Pillars of UEBA
- Use cases: UEBA solutions report the behavior of entities and users in a network, to detect, monitor, and alert on anomalies. UEBA solutions need to be relevant and support multiple use cases. Gartner sees UEBA being applied to use cases where finer-tuned analytics and gathering more context is essential, including:
  - Malicious insiders
  - APT groups leveraging zero-day vulnerabilities
  - Data exfiltration involving novel channels
  - User account access monitoring
- Data sources: UEBA solutions can ingest data from a general data repository. Such repositories include:
  - Data warehouse
  - Data lake
  - Security Information and Event Management (SIEM)
- Analytics: UEBA solutions isolate anomalies using analytic methods, including machine learning, statistical models, rules, and threat signatures.
UEBA vs. SIEM
Security information and event management (SIEM) is the use of a complex set of tools and technologies that give organizations a comprehensive view of their IT security system. It makes use of data and event information, allowing visibility into normal patterns, and delivering alerts when there are unusual circumstances and events. SIEM is similar to UEBA in the sense of using user and entity behavior information to define what is considered a normal behavior and what is not.
SIEMs are good security management tools but are less sophisticated when it comes to more advanced threat detection and response. SIEMs can handle real-time threats rather easily, but they may be unable to detect sophisticated cyberattacks. This is because sophisticated cyberattacks avoid simple one-off threats and instead engage in an extended attack that can go undetected by traditional threat management tools for several weeks or even months.
On the other hand, UEBA solutions can detect more sophisticated threats, such as those that might be undetectable today but over time display a surprising pattern. Malvertising is an example of this, a seemingly harmless advertising applet downloaded to a browser that collects user data or infects a user’s device.
By stacking UEBA and SIEM tools together, enterprises are better able to defend themselves against a wide range of threats. By focusing less on system events and more on specific user or entity activities, UEBA builds a profile of an employee or entity based on usage patterns and sends out an alert if it sees unusual or suspicious user behavior.
With UEBA, suspicious user behavior can be detected in the cloud, on-premises, and inside business applications – with an unparalleled time-to-value. Other benefits include:
- The primary pro of UEBA is that it allows you to automatically detect a wide range of cyber-attacks
- Because UEBA allows fewer security analysts to do more, it can also significantly reduce your cybersecurity budget
- UEBA can drastically reduce the detection time of malware outbreaks by using algorithm-driven analytics to detect beaconing, lateral movement, or weaponization
- Outputs from the UEBA module can be correlated with SIEM events, making the original events more insightful than ever
- Discover suspicious user behavior by statically or dynamically enriching the original log data using the information from machine learning
- Incidents can be visualized using dashboards and search templates for faster threat hunting
UEBA + SIEM
With CYBOWALL you don’t have to settle for either, as it offers both SIEM and UEBA technologies. In addition to those, CYBOWALL offers 7 other security engines that help protect the organization from ongoing threats and cover:
- Asset Management
- Vulnerability Assessment
- File Integrity Monitor (FIM)
- Intrusion Detection (IDS)
- Malicious Traffic Detection
- Malware Hunter
The above security solutions are orchestrated by UEBA as well, and by a powerful Attack Hunter™, an Autonomous Machine Learning and Multi-step Attack Hunting Engine. Together, they allow organizations to manage all security threats from one unified platform, offering more protection than any other solution in the market.
To learn more and to book a demo click here.
Written by: Moshe Amiel, Cyber & AI Expert, Advisory Board Member at CYBOWALL
Ballsiest Hacks of 2021 (so far…)
The rising trend in data breaches continues to angle upwards, and as a result, there have never been more precarious times in history to launch and maintain a successful business.
To prevent the repetition of mistakes that result in data theft, we’ve compiled a list of the most interesting data breaches in 2021.
As you’ll see in this article, even successful companies like Facebook, LinkedIn, and Twitter that have deep pockets to hire top industry talents and invest in adequate cybersecurity technological solutions, are vulnerable to the rising trend of data breaches.
1. Gigabyte
One of the most prominent manufacturers in the personal computing market fell victim to a hacker attack. The hackers managed to infiltrate the company’s servers, steal information, encrypt it and even cause the company to turn off the servers located in its Taiwan headquarters until further notice. The attack disrupted the company’s various sites.
The hacking group, Ransom EXX, did not make its demands public, but did say it stole data amounting to 112 GB of information and threatened to disclose it if the company did not pay – and the main victims of such exposure are reported to be AMD and Intel.
Gigabyte reported that the damaged servers had been disconnected from the company’s general network and that it had contacted law enforcement. It did not confirm that the attacker was indeed Ransom EXX, or that the stolen information included confidential commercial information.
2. LinkedIn
Information scraped from around 500 million LinkedIn user profiles is part of a database posted for sale on a website popular with hackers, the company confirmed Thursday.
The sale of the data was first reported in April 2021 by cybersecurity news and research site CyberNews, which said that an archive including user IDs, names, email addresses, phone numbers, genders, professional titles, and links to other social media profiles was being auctioned off on the forum for a four-figure sum.
The news comes just days after a separate incident in which data scraped from more than 500 million Facebook users in 2019 — including phone numbers, birthdays, emails, and other information — was posted publicly on a website used by hackers. While these kinds of data are less sensitive than, say, credit card details or social security numbers, information like phone numbers can still be exploited by bad actors, including for robocall scams.
3. Colonial Pipeline
The Colonial Pipeline attack is likely the most important U.S. cyberattack of the year so far – both for its ability to show the devastating potential of cybercrime and for the robust federal response it inspired. It also showed our country is still completely and utterly addicted to oil and will be for the foreseeable future.
In May, hackers affiliated with the ransomware gang DarkSide managed to get inside the network of Colonial Pipeline, one of America’s largest oil and gas companies. By temporarily halting the pipeline’s operations, the attack not only spurred a short-lived energy crisis throughout the Southeast – the likes of which devolved into a panicked melee at gas stations in multiple states – it also fundamentally shifted how the federal government approaches cyberattacks of this nature. Following the attack, the FBI managed to trace and seize a significant portion of the cryptocurrency ransom payment that Colonial made to the hackers – a somewhat unprecedented development. At the same time, the event helped to catalyze an accelerating government initiative to crack down on cybercriminals, including a new ransomware task force put together by the Justice Department and other defensive policies put out by the Biden administration.
4. US Metropolitan Police
While maybe not one of the biggest attacks of the year, the hacking of Washington, D.C.’s Metropolitan Police Department was certainly one of the most dramatic incidents in recent memory — and showed a new willingness by ransomware gangs to target law enforcement agencies with increasingly dangerous tactics. The ransomware gang Babuk attacked MPD in April, making off with 250 gigabytes of sensitive internal data — including disciplinary files on past and current police officers, intelligence on a local protest activity, and, most alarmingly, information on informants embedded in criminal networks scattered throughout the city. The hackers then threatened to leak the data if their demands of a $US4 ($5) million ransom were not met. Cops were so distressed they offered to pay $US100,000 ($128,260) for the files, though the hackers declined — and subsequently dumped everything online.
5. Acer
ACER was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million ransom stood out as the largest known to date. REvil hackers exploited a vulnerability in a Microsoft Exchange server to get access to Acer’s files and leaked images of sensitive financial documents and spreadsheets.
6. AXA
This May, the European insurance company AXA was attacked by the Avaddon gang. The attack happened soon after the company announced important changes to its insurance policy. Essentially, AXA stated they would stop reimbursing many of their clients for ransomware payments. This unique (and somewhat ironic) attack on a cyber-insurance firm made headlines and the hacker group gained access to a massive 3 TB of data. (BlackFog)
7. KIA Motors
This February, Kia Motors, a subsidiary of Hyundai, was reportedly hacked with ransomware. Although Kia reported a widespread IT and systems outage, they did not confirm the hack. Still, many experts believe the claims by the DoppelPaymer gang demanding a $20 million ransom. The gang has released some stolen data, but updates on the hack have not surfaced in the news for the past few months.
8. Facebook, Instagram & LinkedIn
In January earlier this year, a Chinese social media management company, Socialarks, suffered a data leak through an unsecured database that exposed account details and Personally Identifiable Information (PII) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. The exposed information for each platform varies but includes users’ names, phone numbers, email addresses, profile links, usernames, profile pictures, profile descriptions, follower and engagement statistics, location, Messenger ID, website link, job profile, LinkedIn profile link, connected social media account login names and company name.
9. Microsoft Exchange
In March, cybercriminals targeted four security flaws in Microsoft Exchange Server email software. The attackers used the bugs on the Exchange servers to access email accounts of at least 30,000 organizations across the United States, including small businesses, towns, cities and local governments. The cyberattack gives the hackers total remote control over affected systems, allowing for potential data theft and further compromise. Microsoft has released security patches for these bugs and urges customers to apply the updates as soon as possible.
10. T-Mobile
In February 2021, an undisclosed number of T-Mobile customers were affected by SIM swap attacks, or SIM hijacking, where scammers use social engineering to take control of phone numbers and switch them over to a SIM card they own. With access to customer phone numbers, scammers receive the victims’ messages and calls, which allows them to log into the victims’ bank accounts to steal money, change account passwords, and even lock the victims out of their own accounts that use two-factor authentication. The attack also exposed customer information including names, addresses, email addresses, account numbers, social security numbers (SSNs), account personal identification numbers (PINs), account security questions and answers, dates of birth, plan information, and the number of lines subscribed to their accounts.
Safeguard your organization from being the next victim
As you can learn from this article, no one is safe from being a victim of a cyber-attack. Even leading enterprises of all industries are susceptible to attacks. Smaller firms are at even greater risk as they commonly lack the resources, cybersecurity technology, monitoring functions, knowledge base and budget to ward off emerging threats.
Every organization needs to have a robust cybersecurity solution that can detect and stop attacks in their tracks. One solution in particular that fits any budget is Cybowall, a non-intrusive, agentless solution that continuously monitors networks across all protocols and extends to all endpoints. It combines multiple cybersecurity tools and capabilities, packaged in one solution to monitor and protect IT networks in real-time, detecting and reacting to threats as they arise, providing a unified defense platform against a continuously evolving threat landscape.
To learn more and to book a demo click here.
Written by: Ziv Simhon, VP of Sales at CYBOWALL