Endpoint Security and Network Monitoring News for the Week of March 3; Approov, Forescout, NRECA, and More

Endpoint Security and Network Monitoring News for the Week of March

The editors at Solutions Review have curated this list of the most noteworthy endpoint security and network monitoring news for the week of March 3. This curated list features endpoint security and network monitoring vendors such as Approov, Forescout, NRECA, and more.

Keeping tabs on all the most relevant endpoint security and network monitoring news can be a time-consuming task. As a result, our editorial team aims to provide a summary of the top headlines from the last month in this space. Solutions Review editors will curate vendor product news, mergers and acquisitions, venture capital funding, talent acquisition, and other noteworthy endpoint security and network monitoring news items.

Endpoint Security and Network Monitoring News for the Week of March 3

Approov Report: “92 Percent of Fintech Apps Immediately Expose Valuable, Exploitable Secrets”

Approov, a mobile security provider, this week issued findings showing that 92 percent of the most popular banking and financial services apps contain easy-to-extract secrets such as API keys, which could be used in scripts and bots to attack APIs and steal data, devastating consumers and the institutions they trust. As well as immediately exposing secrets, scans also indicated two critical runtime attack surfaces that could be used to steal API keys at runtime. Only 5 percent of the apps had good defenses against runtime attacks manipulating the device environment and only 4 percent were well protected against Man-in-the-Middle (MitM) attacks at run-time.

Read on for more.

Salt Security Uncovers API Security Flaws within Booking.com that Allowed Full Account Takeover

Salt Security, an API security company, this week released new threat research from Salt Labs highlighting several critical security flaws in Booking.com. The flaws were found in the implementation of the Open Authorization (OAuth) social-login functionality utilized by Booking.com, which had the potential to affect any users logging into the site through their Facebook account. The OAuth misconfigurations could have allowed for both large-scale account takeover (ATO) on customers’ accounts and server compromise.

Read on for more.

HCLSoftware and SolarWinds Join Forces to Build AI-Based Telecom Observability Platform

HCLSoftware and SolarWinds are expanding their partnership to build an end-to-end 5G network observability platform from Cloud to RAN (Radio Access Network). This joint AI-based solution combines HCLSoftware’s Augmented Network Automation (HCL ANA) platform, HCL DRYiCE iObserve powered by SolarWinds, and other HCLSoftware telecom products with the SolarWinds observability, monitoring, and service management platform to provide a Cloud to RAN5G telecommunications observability platform for mobile network operators.

Read on for more.

Forescout Announces Launch of Forescout XDR

This week, Forescout Technologies Inc., a cybersecurity solutions provider, unveiled Forescout XDR, to help enterprises better detect, investigate, and respond to the broadest range of advanced threats, across the extended enterprise. Seamless integration with Forescout’s network access control solution helps ensure that customers can reduce the attack surface, and the risk of an attack in the first place, by preventing compromised or non-compliant devices from connecting to their networks. This proactive approach to XDR further elevates the effectiveness and performance of a modern SOC. Customers will also be able to automate response workflows that can immediately touch every managed and unmanaged connected device, across the enterprise. This reduces an attack’s blast radius in real-time, allowing proper mitigation or remediation measures to be completed.

Read on for more.

Endor Labs Report: “Top Ten Open Source Software Risks of 2023”

This week, Endor Labs, an OSS security solutions provider, unveiled the top ten open source software risks of 2023. The report is compiled by the company’s Station 9 research team, which brings together global researchers and software development specialists to uncover shortcomings in traditional methods of open source security. The report outlines risks introduced through the dependency on open source components throughout the software development process, from security risks like known vulnerabilities, name confusion attacks and compromise of legitimate packages to operational risks such as outdated, unmaintained or immature software. Adhering to the spirit of collaboration that benefits the whole community, the report features contributions from some 20 industry experts, including CISOs from HashiCorp, Adobe, Palo Alto Networks, and Discord. This is also the first research of its kind to encompass operational risks alongside security threats.

Read on for more.

SlashNext Launches “Industry First” Generative AI Solution for Email Security

SlashNext, a cloud security solutions provider, this week announced the launch of Generative HumanAI, an intelligence solution that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. SlashNext now has one of the most comprehensive cloud email protection with link-based, attachment-based, and natural language-based BEC attacks. This new solution joins SlashNext’s existing HumanAI capabilities, which mimic human threat researchers by combining natural language processing, computer vision, and machine learning with relationship graphs and deep contextualization to thwart sophisticated multi-channel messaging attacks. Generative HumanAI anticipates vast numbers of potential AI-generated BEC threats by using AI data augmentation and cloning technologies to assess a core threat and then spawn thousands of other versions of that same core threat, which enables the system to train itself on possible variations.

Read on for more.

NRECA Launches OT Security Platform, Essence

The National Rural Electric Cooperative Association (NRECA) this week announced the commercial launch of Essence, a next generation Operations Technology (OT) and cybersecurity monitoring solution. Purpose-built to protect America’s critical infrastructure, Essence continuously monitors the operation of electric grids and other operational networks to give real-time situational awareness to owners and operators of critical infrastructure. The program is used by 149 co-ops that collectively provide power to a total of 4.6 million meters. It can effectively be deployed by other types of utilities as well.

Read on for more.

Solutions Review Teams Up With ManageEngine for Live Demo Day

FindsOn March 16th, Cybersecurity solutions provider ManageEngine will be appearing on Solutions Review’s Solutions Spotlights series. In this demo, ManageEngine’s Ray Manash will discuss how AD360, ManageEngine’s IAM solution, can help strengthen your organization’s cybersecurity posture. He will demonstrate how AD360 has a complete suite of products to help manage identities, secure access, and ensure compliance to help you overcome your IT challenges.

Read on for  more.

Expert Insights Section

expert insight badgeWatch this space each week as Solutions Review editors will use it to share new Expert Insights Series articles, Contributed Shorts videos, Expert Roundtable and event replays, and other curated content to help you gain a forward-thinking analysis and remain on-trend. All to meet the demand for what its editors do best: bring industry experts together to publish the web’s leading insights for enterprise technology practitioners.

Rethinking EDR: Why It Isn’t A Comprehensive Cybersecurity Solution

As a contemporary way to detect and thwart malicious activity, Endpoint Detection and Response (EDR) systems are a critical component for many companies’ overall cybersecurity strategy. However, the threat landscape continues to evolve, and so too must the means of protecting against a range of cyber-attacks, many of which have learned to sidestep the protection that EDR systems offer. With the increasing complexity of network environments and the sophistication of adversaries, the question then becomes whether reliance on EDR is a risky strategy, and if so, how to complement EDR with additional solutions to fill these security gaps.

Read on for more.

OT Security: Securing Industrial Components with a Business-First Mindset

The digital revolution has ushered in a new generation of streamlined manufacturing, operations, and logistics. But beware, this new world of connectivity brings with it significant risk. Each new internet-connected device, whether a large manufacturing robot or a small sensor, carries with it the burden of joining your local network in accordance with the latest cybersecurity practices. The problem is that putting too many roadblocks, such as limiting access via firewalls or making access so difficult it impedes productivity, potentially limits its ability to communicate freely with other devices or send critical diagnostic reports back to stakeholders.

Read on for more.

Mike Costello