Endpoint Security and Network Monitoring News for the Week of July 7; Aqua Security, amazee.io, FPT Software, and More
The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of July 7. This curated list features endpoint security and network monitoring vendors such as Aqua Security, amazee.io, FPT Software, and more.
Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.
Endpoint Security and Network Monitoring News for the Week of July 7
Aqua Security Threat Alert: “Anatomy of Silentbob’s Cloud Attack”
Aqua Nautilus researchers identified the infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in the early stages of testing and deployment and consists mainly of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, hijack cloud credentials, hijack resources, and spread the worm further. Aqua believes that TeamTNT is behind this new campaign. This investigation was prompted by an attack on one of their honeypots.
amazee.io Recognized with AWS DevOps Competency
amazee.io (a Mirantis company), a DevOps solutions provider, announced this week that it has achieved Amazon Web Services (AWS) DevOps Competency status. This prestigious recognition confirms amazee.io’s expertise and technical proficiency in providing end-to-end solutions in the field of DevOps. AWS DevOps Competency is a highly sought-after accolade that distinguishes providers that have demonstrated a deep understanding of DevOps practices and the ability to provide innovative solutions in this field. It is a testament to its robust capability in delivering solutions and services that help businesses accelerate their time to market and achieve their business objectives more efficiently. Earning the AWS DevOps Competency sets amazee.io apart as an AWS Partner Network (APN) member with expertise in Continuous Integration, Continuous Delivery, and Infrastructure as Code, backed by demonstrated technical proficiency and proven customer success.
Axio Global Unveils Cyber-Physical Attack Quantifier at Lloyd’s Lab Demo Day
Axio Global, a cybersecurity solutions provider, this week showcased a new product concept for quantifying cyber-physical attacks. The event was held at Lloyd’s in front of a live audience and streamed globally. The demonstration was the culminating activity of the Lloyd’s Lab 10th Cohort, a 10-week incubator program for the development of new solutions for the insurance industry. The global program received over 200 applications from 32 countries, from which Axio was one of 13 chosen by an expert panel of Lloyd’s and market stakeholders. Axio’s participation in Lloyd’s Lab is a natural progression of Axio’s dedication to helping quantify cyber risk for critical infrastructure organizations. Axio has deep roots in the insurance industry and in securing the world’s most critical assets. Co-founder Scott Kannry was closely involved in developing the first commercial cyber insurance products as an executive at Aon, while co-founder David White was the security architect for the C2M2 model and helped author and contribute to many of the world’s most widely used cybersecurity assessment frameworks, which are available in Axio’s SaaS platform Axio360.
Cyble Launches Global Partner Program “Cyble Partner Network”
Cyble, a threat intelligence solutions provider, is excited to announce the launch of the Cyble Partner Network (CPN) this week. CPN aims to foster collaboration, expand market reach, and provide comprehensive cybersecurity solutions. By joining the network, businesses gain access to cutting-edge threat intelligence, enabling knowledge exchange, innovation, and empowerment to stay ahead in the cybersecurity landscape.
FPT Software Achieves AWS Security Competency Status
Global IT services provider FPT Software has officially obtained the Security Services Competency badge from Amazon Web Services (AWS). This recognition marks an important milestone for the company in delivering Cloud Transformation services, bringing differentiation to its offerings and unlocking positive prospects. For two consecutive years, the company has also been spotlighted in important reports of leading technology research firms such as Forrester and Gartner for its remarkable capability in cloud migration, managed security services, and more. The recognitions reinforce FPT Software’s position as Asia’s leading digital transformation service provider in both Cloud and Big Data services.
Expert Insights Section
Watch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.
Plenty of Phish in the Sea
Aamir Lakhani of Fortinet looks at some of the different bait hackers drop on phishing expeditions that people are still falling for. As ransomware incidents continue to climb, we’re seeing that even as things change, there’s a lot that still stays the same. Bad actors are still using the same playbook – and it’s working. A recent survey on ransomware found that phishing remained the top tactic (in 56 percent of cases) that malicious actors used to infiltrate a network and launch a ransomware attack. If it’s not broke, don’t fix it, right? In a sea of possibilities, if the same tactic continues to work, bad actors will keep using it. And phishing has proven time and time again to be highly effective, especially when it’s based in social engineering. It’s also getting easier than ever. Sophisticated phishing tool kits are sold or given away for free on many hacker forums; they’re available to download on sites such as GitHub, and they’re available or distributed through TOR or BitTorrent.
The Future of AppSec Depends on Force Multiplying Talent
Peter Morgan of Phylum predicts that the future of AppSec depends on successfully force-multiplying the talent pool. To plan for the future of Application Security (AppSec), we must rethink our ability to hire and retain talent. Ahead of the economic downturn of 2022, Application Security roles had double-digit negative unemployment rates. These roles were difficult to fill due to the number of roles open, and the challenging experience required by them. These variables caused compensation to skyrocket, and massive tech companies will scoop up more of this small skilled talent pool, leaving gaps for everyone else. This paints a picture of the future reality where application security programs cannot scale as they exist today. There simply is not enough talent to go around for everyone without change. To solve this, we need to consider how AppSec engineers can become force multiplied. One of the shifts AppSec will need to make is the proper use of tools to enable skilled AppSec engineers to cover many more developers than they currently can. To accomplish this, we’ll need to consider changes in the software development process to assist this effort.
SBOM: Unlocking the Power of Software Bill of Materials in DevOps
Curtis Yanko of GrammaTech takes a closer look at the next killer app, the software bill of materials, or SBOM, and at unlocking its potential in DevOps. In the constant struggle against software vulnerabilities and supply chain attacks, the software bill of materials (SBOM) is often touted as a “killer app” that enables all sorts of best practices for secure software development. But even as SBOM use becomes an industry standard, there’s much discussion about why and how they should be used. Let’s start by agreeing to one basic tenet: a software bill of materials is very useful for development operations. In fact, it’s become a requirement since the federal government issued Executive Order 14028 and the Office of Management and Budget’s memo M-22-18, which made them a must for software developers doing business with the federal government. At its most basic, an SBOM is just like any bill of materials, a list of the components in a finished product, in this case a software program or app. In case of trouble, software developers can zero in on the cause and remediate the issue. After large-scale supply chain attacks like the SolarWinds incident, the government was pressed to act, but meeting a government mandate can turn into a box-ticking exercise if users don’t grasp the fine points of the practice. At the recent SBOM-a-Rama meeting held by the government’s Cybersecurity and Infrastructure Security Agency (CISA), industry professionals remarked that the development of government standards is slow, and industries will have to step in to develop data naming quality standards that will enable establishing best practices and automate the production of SBOMs. Some attendees at the CISA meeting even pondered forcing the government’s hand by neglecting to meet the SBOM requirements until the authorities issue standards. But SBOMs are already helpful to DevOps in use cases that go far beyond regulatory compliance.