
Hacking of Microsoft by Russian hackers and its significance in the field of cybersecurity

Release

After a Russian-aligned hacker group gained access to the email accounts of Microsoft's top executives, CrowdStrike CEO George Kurtz said in a TV interview that the disclosure contained "scant" details that did not explain what really happened.


CrowdStrike Chief Executive Officer George Kurtz criticized Microsoft for providing "scant" details about the hack that affected senior Microsoft executives and suggested that the disclosure did not meaningfully explain how the incident occurred.

Kurtz, whose company is Microsoft's main competitor in many segments of the cybersecurity market, made the comments on Monday during an interview on CNBC.


On Friday, January 19, Microsoft reported that a Russian-linked threat actor had stolen emails from members of its senior management team, as well as employees of its cybersecurity and legal departments. The details of this incident are covered by CRN with a comment from the CEO of CrowdStrike.

The tech giant attributed the attack to a group it tracks as Midnight Blizzard (previously tracked as Nobelium), which Microsoft holds responsible for the large-scale SolarWinds hack in 2020.

The names of the Microsoft executives whose accounts were affected were not disclosed.

In its announcement on Friday, Microsoft said the incident began with a password spray attack in late November 2023 that compromised "an account of an outdated, non-production test tenant."

In an interview with CNBC, Kurtz emphasized that this explanation for the Microsoft hack is not entirely true.

“I’m confused, because what Microsoft talks about is [that] it was a non-production test environment. So how does a non-production test environment lead to the compromise of the most senior officials in Microsoft [and] their emails?” he said. “I think there's a lot more that's going to come out on this.”

In his criticism, Kurtz also referred to the timing of the Microsoft disclosure, which was released on Friday after the stock market closed for the weekend.

In addition to the blog post, Microsoft discussed the incident in a filing with the U.S. Securities and Exchange Commission on Friday, as part of its compliance with recently introduced cyberattack disclosure rules for public companies.

“When you drop this on a Friday at five o'clock, and you have scant details, I think there's more to come on it,” Kurtz said during the CNBC interview.

Microsoft declined to comment further to CRN on Tuesday.

In its announcement on Friday, Microsoft said that the attackers used permissions from the initially compromised account to "access a very small percentage of Microsoft's corporate email accounts, including those of members of our senior management team and employees from cybersecurity, legal and other functions, and stole some emails and attached documents." The hack thus also affected accounts belonging to the company's cybersecurity and legal staff, as well as "other functions," Microsoft said.

Microsoft said that its security team learned about the compromise after it detected "an attack by a state actor on our corporate systems" on January 12, 2024.

Secure Future Initiative

In its post, Microsoft also made two references to its Secure Future Initiative, a set of major changes announced in early November 2023 aimed at improving Microsoft's security, as well as the security of its widely used platforms.

"As part of our ongoing commitment to transparency, recently affirmed in our Secure Future Initiative (SFI), we are sharing the latest news," Microsoft said in a statement on Friday.

During the interview with CNBC on Monday, Kurtz questioned the emphasis Microsoft placed on this initiative in its disclosure.

“When you look at some of the things that Microsoft talks about [in the disclosure], it's secure initiatives and it's marketing around this,” he said. “If they spent some more time on coming clean on what happened here and less on the marketing and papering over it, I think it would be good for the industry.”

A series of hacker attacks

The incident followed last year's high-profile hacking of Microsoft cloud email accounts belonging to several US government agencies.

The attack, discovered in June 2023, is believed to have affected the emails of Commerce Secretary Gina Raimondo, as well as US Ambassador to China Nicholas Burns and officials at the Department of Commerce. According to reports, a total of 60,000 emails were stolen from 10 US State Department accounts in the China-related compromise.

A frequent critic of Microsoft's security, Kurtz told CRN in an interview in 2023 that the cloud email hack was an example of how Microsoft's security "failures" had jeopardized the US government and businesses.

Ultimately, Microsoft's security problems "put millions and millions - tens of millions - of customers at risk," he told CRN earlier.

Kurtz, who is also the co-founder of CrowdStrike, echoed these comments in an interview with CNBC on Monday. "I think what you're seeing here is a systemic failure at Microsoft that is putting not only their customers at risk, but also the U.S. government, which is a big customer," he said.

The Microsoft paradox in the context of cybersecurity

Microsoft has always been a popular target for attackers. When you have the world's dominant operating system and a significant market share in email platforms, productivity software, cloud services, and applications, attackers will try to find weaknesses that can be exploited.

The situation is complicated by the fact that Microsoft is not only a software and operating system provider, but also one of the leaders in the cybersecurity market. It offers tools and services to protect against cyberattacks, including attacks that target vulnerabilities in its own products.

In the digital world, where the number of threats is constantly growing and attackers are finding new methods to achieve their goals, it is important to stay one step ahead of the attackers and ensure your infrastructure has reliable solutions to protect against cyber incidents.

The iIT Distribution portfolio includes solutions from industry-recognized vendors. Our partners, clients, and organizations of any size can request a trial version of any vendor's solutions through the feedback form on our website. Stay safe and secure!


CrowdStrike's undisputed leadership and Gartner recognition

News

CrowdStrike is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.


If a picture is worth a thousand words, then the Gartner® Magic Quadrant 2023 for Endpoint Security Platforms speaks for itself.

Today, we are proud to announce that CrowdStrike has been named a Leader in the Gartner® Magic Quadrant™ for Endpoint Security Platforms in 2023. The company was ranked first in the Completeness of Vision category and first in the Ability to Execute category among the 16 vendors that participated in the study.

The AI-powered CrowdStrike Falcon extended detection and response (XDR) platform is the most powerful, effective, and innovative cybersecurity platform on the market today, and the only platform that delivers the best security on the market for endpoints and beyond, for organizations of all sizes.


Defining the Future of AI Cybersecurity

This is the fourth time in a row that Gartner has ranked CrowdStrike highest in the Completeness of Vision category, which we believe positions the company as a trusted innovation partner in the endpoint security space.

Since CrowdStrike's founding, the company has been leveraging the power of artificial intelligence to innovate detection and optimize analysts' work. CrowdStrike pioneered the endpoint threat detection and response market by developing an AI-powered platform designed to centrally analyze trillions of events every day and enrich that information with world-class analytics to identify hostile activity patterns and stop cyberattacks. Since then, the company has continued to innovate in endpoint security and is a leader in AI, as evidenced by the recent announcements of CrowdStrike Charlotte AI, AI-powered indicators of attack (IOA) for advanced behavioral analysis, and continuous improvement of its advanced AI-based detection engine.

These AI innovations help organizations more quickly detect, respond to and prevent threats. The AI-native platform, with a single lightweight agent, empowers customers to simplify their operations and consolidate disjointed point products to achieve a unified defense against increasingly sophisticated attacks targeting endpoints, identities, cloud workloads and more.

Cybersecurity consolidation has been a key focus for organizations seeking to improve security outcomes, reduce technology sprawl, and minimize cost and complexity. Customers are consolidating with CrowdStrike because the Falcon platform makes it easy to expand protections beyond the endpoint to defend cloud, identity and data using the same lightweight agent and command console.

And while adoption of our XDR solution has soared, we’ve doubled down on R&D. The recently announced Raptor release of the Falcon platform introduces more innovative XDR capabilities that radically transform the speed and efficiency of investigations with generative AI and a completely reimagined analyst experience.

Cybersecurity Built for Every Organization

Gartner positioned CrowdStrike highest in Ability to Execute, which we believe acknowledges our trusted combination of a unified, innovative platform and professional services to protect organizations of all sizes.

Our cloud-based endpoint security solutions have been designed to protect a wide range of organizations. CrowdStrike is trusted by the world's leading enterprises and government agencies, and we recently made it easier for small and medium-sized businesses (SMBs) to take advantage of our market-leading cybersecurity. CrowdStrike Falcon® Go offers award-winning AI-powered cybersecurity to protect SMBs from ransomware, data breaches, and other threats. With just a few clicks, users of all skill levels can quickly and easily deploy CrowdStrike endpoint security.

For organizations that require additional support, CrowdStrike offers round-the-clock expert management, monitoring, proactive threat detection, and comprehensive remediation. In May, Gartner ranked CrowdStrike as the #1 company in the "Market Share: Managed Security Services, Worldwide, 2022" for Managed Detection and Response (MDR) market share for the second year in a row. We believe that this, along with recognition in the Gartner® Magic Quadrant™ for Endpoint Security Platforms 2023, validates CrowdStrike's ability to deliver innovative and powerful endpoint security solutions for every organization.


Learn more about the components of the CrowdStrike solution and evaluate their effectiveness in person.


iIT Distribution is the official distributor of CrowdStrike solutions. We help organizations ensure comprehensive protection and increase the efficiency of their IT infrastructures. Our approach provides customers with the necessary software, hardware, implementation and support services.


Case Study: Ukrtelecom's Cybersecurity Transformation: Optimized SIEM Rules and Rapid Threat Detection Engineering

Articles and reviews

For Ukrtelecom, Ukraine’s premier fixed-line telephony operator and a leader among Internet providers, cybersecurity isn’t just nice to have—it’s an absolute necessity. With a vast network serving nearly 6.5 million fixed-line telephony subscribers and over 1.6 million high-speed Internet clients, protecting its services against a surging wave of cyber threats is critical. This case study explains why Ukrtelecom partnered with Picus Security to validate the effectiveness of defense mechanisms and enhance operational resilience.

The Challenge


The Shortcomings of Traditional Assessment Methods

In the past, Ukrtelecom heavily leaned on penetration testing as their primary method for routinely evaluating network and system security. While this approach was a valuable aspect of their security strategy, it had its constraints. Solely relying on penetration testing fell short in providing the comprehensive insights that Ukrtelecom, under the leadership of Oleksandr Shchutskyi, Head of Information Security Systems Administration, sought to acquire.

They weren't just interested in identifying vulnerabilities; they aimed for a deeper understanding of how their security controls were performing. The limitations of penetration testing included its inability to continuously assess defenses in real-world scenarios, to anticipate how emerging threats could affect their systems, and to proactively address any vulnerabilities in their security posture.

It became evident that a more holistic and proactive approach, as recognized by Oleksandr Shchutskyi and his dedicated team, was necessary to meet these demands and achieve a comprehensive view of their security landscape.

Solutions


Optimized SIEM Rules and Rapid Detection Engineering

Shchutskyi highlights that partnering with Picus Security triggered a transformative shift in Ukrtelecom’s cybersecurity strategy. By simulating the latest cyber threats in Ukrtelecom’s environments, The Picus Platform empowers Ukrtelecom to continuously test the efficacy of its network and endpoint controls. This proactive approach allows them to swiftly take action to address any coverage gaps, reinforcing their cyber defenses.

The ability for the Picus Platform to integrate with Ukrtelecom’s prevention and detection controls stood out as a key advantage. So too did the platform’s ability to provide actionable mitigation insights, including prevention signatures and detection rules.

In Shchutskyi's words, "Picus Security's integration capabilities empowered us to optimize our SIEM rule base, facilitating rapid detection engineering." This optimization effort resulted in a remarkable expansion of Ukrtelecom's SIEM rules from 200 to 700, ensuring their ability to swiftly detect and respond to potential threats.

The Result


Proactive Security

Picus Security transformed Ukrtelecom’s cybersecurity approach from being reactive to proactive. Through continuous assessments of the company's SIEM and EDR systems and providing actionable insights to mitigate vulnerabilities, Ukrtelecom can efficiently address gaps and stay ahead of emerging threats.


Optimized Security Controls

The Picus Platform’s ability to integrate with prevention and detection controls has substantially improved Ukrtelecom’s security posture. Expanding SIEM rules from 200 to 700 wasn't just about quantity—it was about optimizing the fidelity of detections to ensure that rules effectively triggered when malicious behavior in its network is identified.

Furthermore, by harnessing the Picus Platform's automation capabilities and customized SIGMA rules, Ukrtelecom has embraced a more proactive approach, bolstering its defenses and strengthening its cyber resilience within an ever-changing and unpredictable threat landscape.

"Picus Security's SIGMA rules were instrumental in streamlining our detection engineering, offering a significant boost to our security readiness through automation," says Shchutskyi.


Quick Time to Value

Rapid deployment of The Picus Platform was a critical factor for Ukrtelecom. With the support of a highly responsive team, Ukrtelecom swiftly adopted Picus Platform without disruption to daily business operations. This was essential for maintaining operational resilience in an era where downtime often results in lost revenue and reputational damage.

"Picus Security's responsiveness was instrumental during our integration challenges, helping us effectively address the issues we faced."


Demonstrated Results

Ukrtelecom’s security team has also harnessed the power of The Picus Platform's reporting functionality, which plays a pivotal role in measuring and communicating the organization's security posture to C-level executives. PDF reports provide concrete evidence of the improvements in Ukrtelecom’s security posture in a format that is easy for security and business leaders to understand. With these reports, Ukrtelecom has fostered transparency and collaboration between the security team and top leadership, reinforcing their dedication to improving security and resilience.

"The Picus Platform's reporting feature empowered us to showcase our security enhancements, making it clear to our C-level executives that we were committed to safeguarding our organization."


As an official distributor of Picus Security, iIT Distribution has played an important role in bringing the vendor's advanced solutions to the Ukrainian market. Our experience and deep understanding of the Ukrainian market allowed us to offer Picus Security solutions tailored to the specific needs of Ukrainian companies.

iIT Distribution's comprehensive approach to project implementation includes close cooperation with our partners, provision of the necessary software and hardware, implementation and promotion services, starting from needs assessment to training of customer personnel.


CVE-2023-46747: F5 BIG-IP - Unauthenticated Remote Code Execution Vulnerability

News

On October 26, 2023, F5 published an advisory about the AJP Smuggling vulnerability found in F5 BIG-IP products. CVE-2023-46747 is a critical vulnerability that allows unauthenticated attackers to execute arbitrary commands as root on vulnerable devices. The vulnerability has a CVSS rating of 9.8 (critical) and organizations are advised to patch affected F5 BIG-IP platforms.

Read more about the F5 BIG-IP CVE-2023-46747 vulnerability and how organizations can protect themselves from attacks that exploit it.


Explanation of the AJP Smuggling vulnerability

Apache JServ Protocol (AJP) is a binary protocol designed to proxy inbound requests from a web server to an application server that runs Java-based applications. This design is typical in environments where a web server handles static content and forwards dynamic content requests to the application server. AJP Smuggling, similar to HTTP Request Smuggling, exploits discrepancies in how servers interpret the AJP protocol, leading to a situation where an attacker can smuggle or insert malicious requests that the server inadvertently acts upon. This vulnerability can have various impacts, ranging from bypassing security controls to gaining unauthorized access or even executing arbitrary code, depending on the configuration and the specific environment. Since AJP is designed to be used internally between trusted servers, it often lacks the security controls needed to validate and sanitize requests.

The Apache Tomcat vulnerability CVE-2020-1938, also known as Ghostcat, is a well-known example of an AJP smuggling vulnerability. Ghostcat allows attackers to read or include any file in the Tomcat webapp directories through the AJP port, leading to information disclosure or even potential remote code execution if the server allows file uploads.
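The framing described above (a magic marker, a declared length, length-prefixed strings, a coded header list and an attribute list) is what a smuggling technique tries to make two parsers disagree about. The following decoder is an added example written for this page, not code from F5, Praetorian or Picus; it parses an AJP13 forward-request packet following the public AJP13 layout and refuses any packet whose declared lengths do not match the bytes actually received. The sample request, host name and address it builds are constructed.

```python
"""Strict AJP13 forward-request decoder (added example, not F5's or Picus's code)."""
import struct

AJP_MAGIC = b"\x12\x34"           # marker on every web-server -> app-server packet
FORWARD_REQUEST = 0x02            # packet type that carries an HTTP request
METHOD_CODES = {"OPTIONS": 1, "GET": 2, "HEAD": 3, "POST": 4, "PUT": 5, "DELETE": 6, "TRACE": 7}
METHOD_NAMES = {v: k for k, v in METHOD_CODES.items()}
# Common header names travel as a two-byte code 0xA0xx instead of a string.
HEADER_CODES = {0xA001: "accept", 0xA002: "accept-charset", 0xA003: "accept-encoding",
                0xA004: "accept-language", 0xA005: "authorization", 0xA006: "connection",
                0xA007: "content-type", 0xA008: "content-length", 0xA009: "cookie",
                0xA00A: "cookie2", 0xA00B: "host", 0xA00C: "pragma", 0xA00D: "referer",
                0xA00E: "user-agent"}
HEADER_NAMES = {v: k for k, v in HEADER_CODES.items()}
# Request attributes: one code byte each; 0x0A carries a name/value pair, 0x0B an
# integer (ssl_key_size), the other defined codes one string, and 0xFF ends the list.
STRING_ATTRS = {0x01: "context", 0x02: "servlet_path", 0x03: "remote_user", 0x04: "auth_type",
                0x05: "query_string", 0x06: "route", 0x07: "ssl_cert", 0x08: "ssl_cipher",
                0x09: "ssl_session", 0x0C: "secret", 0x0D: "stored_method"}


class AjpError(ValueError):
    """Any framing or encoding inconsistency; a proxy should drop such a packet."""


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def byte(self):
        if self.pos >= len(self.data):
            raise AjpError("unexpected end of packet")
        self.pos += 1
        return self.data[self.pos - 1]

    def int2(self):
        if self.pos + 2 > len(self.data):
            raise AjpError("unexpected end of packet")
        self.pos += 2
        return struct.unpack_from(">H", self.data, self.pos - 2)[0]

    def string(self):
        n = self.int2()
        if n == 0xFFFF:               # AJP encodes a null string as 0xFFFF
            return None
        end = self.pos + n
        if end >= len(self.data) or self.data[end] != 0:
            raise AjpError("string length disagrees with content or NUL missing")
        self.pos = end + 1
        return self.data[end - n:end].decode("latin-1")


def parse_forward_request(packet):
    """Decode one forward request, refusing every length inconsistency."""
    if len(packet) < 4 or packet[:2] != AJP_MAGIC:
        raise AjpError("missing AJP magic")
    declared, body = struct.unpack(">H", packet[2:4])[0], packet[4:]
    if len(body) != declared:
        # The outer length must cover exactly the payload; bytes left over after it
        # are the kind of ambiguity that request smuggling relies on.
        raise AjpError(f"declared length {declared} but {len(body)} bytes received")
    r = _Reader(body)
    if r.byte() != FORWARD_REQUEST:
        raise AjpError("not a forward request")
    method = METHOD_NAMES.get(r.byte())
    if method is None:
        raise AjpError("unknown method code")
    req = {"method": method, "protocol": r.string(), "uri": r.string(),
           "remote_addr": r.string(), "remote_host": r.string(), "server_name": r.string(),
           "server_port": r.int2(), "is_ssl": r.byte() == 1, "headers": {}, "attributes": {}}
    for _ in range(r.int2()):
        if r.pos < len(body) and body[r.pos] == 0xA0:      # coded header name
            name = HEADER_CODES.get(r.int2())
        else:                                               # literal header name
            name = (r.string() or "").lower()
        if not name:
            raise AjpError("unknown or empty header name")
        req["headers"][name] = r.string()
    while (code := r.byte()) != 0xFF:
        if code == 0x0A:
            key = r.string()                                # name is sent before value
            req["attributes"][key] = r.string()
        elif code == 0x0B:
            req["attributes"]["ssl_key_size"] = r.int2()
        elif code in STRING_ATTRS:
            req["attributes"][STRING_ATTRS[code]] = r.string()
        else:
            raise AjpError(f"unknown attribute code {code:#x}")
    if r.pos != len(body):
        raise AjpError("bytes remain after the attribute terminator")
    return req


def _s(text):
    """Encode an AJP string: 2-byte length, bytes, NUL (0xFFFF for null)."""
    if text is None:
        return b"\xff\xff"
    raw = text.encode("latin-1")
    return struct.pack(">H", len(raw)) + raw + b"\x00"


def build_forward_request(method, uri, headers, server_name="app.internal"):
    """Encode a constructed request; a fixture for the decoder, not captured traffic."""
    body = bytes([FORWARD_REQUEST, METHOD_CODES[method]]) + _s("HTTP/1.1") + _s(uri)
    body += _s("10.0.0.5") + _s(None) + _s(server_name) + struct.pack(">H", 80) + b"\x00"
    body += struct.pack(">H", len(headers))
    for name, value in headers.items():
        code = HEADER_NAMES.get(name.lower())
        body += (struct.pack(">H", code) if code else _s(name)) + _s(value)
    return AJP_MAGIC + struct.pack(">H", len(body) + 1) + body + b"\xff"   # 0xFF: no attributes


def is_well_framed(packet):
    """True only if the packet decodes without any length disagreement."""
    try:
        parse_forward_request(packet)
        return True
    except AjpError:
        return False


if __name__ == "__main__":
    pkt = build_forward_request("GET", "/app/index.jsp", {"Host": "app.internal", "X-Trace": "1"})
    print(parse_forward_request(pkt))
    print(is_well_framed(pkt), is_well_framed(pkt + b"\x00\x00"))   # True False
```

Run stand-alone, it decodes a constructed GET request and then shows that the same packet with two extra trailing bytes is refused. The check is purely at the protocol-framing level: a reverse proxy or sensor that enforces it has no ambiguous packet to forward, which is the condition a smuggling technique needs. It says nothing about how any particular product parses AJP, so it complements, rather than replaces, the vendor hotfix.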


What is F5 BIG-IP CVE-2023-46747 Remote Code Execution Vulnerability?

The F5 BIG-IP products are used by many organizations worldwide to manage and secure their web traffic. The F5 Traffic Management User Interface (TMUI) is an integral component of the F5 BIG-IP system. It serves as a graphical user interface (GUI) that provides users with an intuitive platform to manage and monitor the many functionalities of the BIG-IP system. The F5 TMUI routes all HTTP requests to different services on the backend, and requests to "/tmui" endpoints are forwarded to the Apache JServ Protocol (AJP) service listening on port 8009.

Security researchers at Praetorian Labs found an AJP smuggling vulnerability in the "/tmui" endpoint that allows unauthenticated adversaries to bypass authentication and execute commands with root privileges [2]. CVE-2023-46747 has a CVSS score of 9.8 (Critical).


Mitigating F5 BIG-IP CVE-2023-46747 Remote Code Execution Vulnerability

F5 released hotfixes for vulnerable F5 BIG-IP products. Organizations are advised to patch their vulnerable F5 BIG-IP products as soon as possible. Affected products are listed below.

Product                  Vulnerable versions   Hotfixed version
F5 BIG-IP (all modules)  17.1.0                17.1.0.3 + Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3
                         16.1.0 - 16.1.4       16.1.4.1 + Hotfix-BIGIP-16.1.4.1.0.50.5-ENG3
                         15.1.0 - 15.1.10      15.1.10.2 + Hotfix-BIGIP-15.1.10.2.0.44.2-ENG3
                         14.1.0 - 14.1.5       14.1.5.6 + Hotfix-BIGIP-14.1.5.6.0.10.6-ENG3
                         13.1.0 - 13.1.5       13.1.5.1 + Hotfix-BIGIP-13.1.5.1.0.20.2-ENG3

If installing hotfixes is not an available option, organizations can use the following measures as temporary mitigations to defend themselves against CVE-2023-46747 attacks.
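To turn the table above into an inventory check, here is an added example (written for this page, not F5's or Picus's tooling) that compares a device's reported version and installed hotfix names against the table. It treats any build on a listed branch below the hotfixed base build as vulnerable, and a device on the fixed base build as fixed only when the engineering hotfix named in the table is also present; builds the table does not cover are reported as such rather than guessed at. Hostnames and versions in the sample inventory are constructed.

```python
"""Map BIG-IP versions to the CVE-2023-46747 fix table on this page (added example)."""

# Transcribed from the advisory table above:
# (lowest vulnerable, highest vulnerable, fixed base version, required engineering hotfix).
FIX_TABLE = [
    ("17.1.0", "17.1.0", "17.1.0.3", "Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3"),
    ("16.1.0", "16.1.4", "16.1.4.1", "Hotfix-BIGIP-16.1.4.1.0.50.5-ENG3"),
    ("15.1.0", "15.1.10", "15.1.10.2", "Hotfix-BIGIP-15.1.10.2.0.44.2-ENG3"),
    ("14.1.0", "14.1.5", "14.1.5.6", "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG3"),
    ("13.1.0", "13.1.5", "13.1.5.1", "Hotfix-BIGIP-13.1.5.1.0.20.2-ENG3"),
]


def parse_version(text):
    """'16.1.3.1' -> (16, 1, 3, 1); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(version, installed_hotfixes=()):
    """Return (status, required_fix) for one device.

    vulnerable      version is on a listed branch and below the fixed base build
    hotfix-missing  fixed base build is running but the ENG hotfix is not installed
    fixed           fixed base build and the listed hotfix are both present
    not-in-table    branch or build not covered by the table: consult the vendor advisory
    """
    v = parse_version(version)
    for low, _high, fixed, hotfix in FIX_TABLE:   # _high kept for fidelity to the table
        lo, fx = parse_version(low), parse_version(fixed)
        if v[:2] != lo[:2]:                       # different major.minor branch
            continue
        required = f"{fixed} + {hotfix}"
        if lo <= v < fx:
            return "vulnerable", required
        if v == fx:
            return ("fixed" if hotfix in installed_hotfixes else "hotfix-missing"), required
        return "not-in-table", None               # e.g. a build newer than the fixed base
    return "not-in-table", None


def triage(inventory):
    """Run assess() over a list of {'host', 'version', 'hotfixes'} dicts."""
    results = []
    for device in inventory:
        status, required = assess(device["version"], device.get("hotfixes", ()))
        results.append((device["host"], status, required))
    return results


# Constructed inventory: hostnames, versions and hotfix lists are made up for the example.
SAMPLE_INVENTORY = [
    {"host": "bigip-edge-1", "version": "16.1.3.1"},
    {"host": "bigip-edge-2", "version": "16.1.4.1"},
    {"host": "bigip-lab", "version": "17.1.0.3", "hotfixes": ["Hotfix-BIGIP-17.1.0.3.0.75.4-ENG3"]},
    {"host": "bigip-old", "version": "12.1.6"},
]

if __name__ == "__main__":
    for host, status, required in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status:15} {required or ''}")
```

The "hotfix-missing" state is the one worth watching for: a device that reports the fixed base version in an asset database can still lack the engineering hotfix the table pairs with it, and a version-only comparison would wrongly mark it as remediated.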

  • Blocking Configuration Utility Access

The vulnerable component of F5 BIG-IP is the Configuration utility. Access to the Configuration utility should be limited to trusted users and devices over a secure network. Setting Port Lockdown to "Allow None" for each self IP address restricts access to the Configuration utility through that self IP.

Organizations are advised to block or restrict access to the Configuration utility through self IP addresses and the management interface.


How Picus Helps Simulate F5 BIG-IP CVE-2023-46747 Attacks?

We also strongly recommend simulating the F5 BIG-IP CVE-2023-46747 attack with The Picus Complete Security Validation Platform to verify the effectiveness of your defenses against sophisticated cyberattacks. You can also test your defenses against other vulnerability-based attacks, such as Log4Shell, Looney Tunables, and ProxyShell, in minutes with the Picus platform.


Understanding the effectiveness of your own security infrastructure is becoming increasingly important in a world where threats and vulnerabilities are evolving at an incredible rate. In this context, Picus Security solutions play a key role. They help organizations not only identify and eliminate potential weaknesses in their security systems, but also assess how effectively security tools can withstand real-world attacks in real time, which provides the necessary level of protection and confidence.

iIT Distribution is the official distributor of Picus Security in Ukraine, Uzbekistan, and Kazakhstan. Fill out a short contact form on our website and test The Complete Security Validation Platform in action.


Cloud storage security best practices

Articles and reviews

Cloud storage has brought numerous benefits to organizations, including easy accessibility, scalability, and cost-effectiveness. Public cloud providers continue to develop the technology and add new features to improve efficiency and security. However, there are security concerns that you should be aware of and be prepared to address potential security issues in the cloud. Let’s go over all potential risks and data protection practices to prevent data loss in the cloud.



What is cloud storage security?

Cloud storage security refers to the technologies and measures used to protect data stored in cloud-based storage systems from data breaches, data loss, and a range of other security threats. These security measures are implemented partly by the vendor and partly by the organizations that own the data to ensure confidentiality, integrity, and availability.

The specific security measures taken will vary depending on the type of data, the cloud deployment model (public, private, hybrid), and the organization’s security policies.

Let’s first look at the cloud storage types:

  • Public cloud. Cloud resources are owned and operated by third-party providers, shared among multiple users and accessed over the internet. Examples include Amazon Web Services (AWS), Microsoft Azure and Google Cloud.
  • Private cloud. Cloud resources are dedicated to a single organization and can be hosted on-premises or by a third party. They offer more control and customization options but require a higher initial investment.
  • Hybrid cloud. Combines the elements of both public and private clouds, allowing data and applications to be shared between the two. The public and private cloud environments are typically integrated and orchestrated to work seamlessly together. This setup offers more control and flexibility over how IT resources are used and over security.



Potential Risks of Cloud Storage Security

Some security threats are common to both private and public clouds as a result of the underlying technology and the nature of cloud computing, with both delivering resources over a network. However, some differences exist between the two deployment models, which give rise to unique security considerations.



Common potential security risks

Cloud security issues can have severe repercussions for business reputation and the bottom line, in the form of:

  • Data breaches involve unauthorized individuals gaining access to systems, in particular to sensitive, confidential or private information. Data breaches can lead to serious legal issues and financial loss.
  • Data loss resulting from technical failures, human error, or other unforeseen events is a risk with both models. Data loss can have serious consequences if an organization does not have a backup and recovery plan in place.
  • Compliance and regulatory issues. Regulatory compliance challenges can exist in both private and public clouds, especially when handling sensitive data subject to industry-specific or regional regulations. Many countries have data protection, data localization and data sovereignty laws; GDPR is one example.

The main security threats that lead to these consequences are:

  • Missing data encryption. Unencrypted data is easier for attackers to access, corrupt or steal. Encryption is essential for protecting data at rest and in transit in both private and public clouds.
  • Weak access control. Proper access control mechanisms are critical to prevent unauthorized access to data and resources in both deployment models. Poor identity and access management (IAM) in cloud storage leads to data breaches, unauthorized access, insider threats, compromised credentials, lack of auditing, compliance violations and over-privileged users, increasing security risks and compromising data integrity.
  • System vulnerabilities refer to the potential for security weaknesses or flaws in the underlying hardware, software, or infrastructure of cloud storage systems. They can be exploited by malicious actors to gain unauthorized access, compromise data integrity, and disrupt cloud services.
  • Cloud misconfiguration involves resources, services, or security settings that are not properly configured. Attackers exploit these weaknesses to gain unauthorized access, compromise data integrity and disrupt services. Hackers pose a significant concern for cloud storage due to their ability to exploit vulnerabilities and weaknesses in cloud environments.

In addition to that, there are security concerns that are specific for each type of cloud.



Public cloud security concerns

  • Shared public cloud infrastructure relies on servers in datacenters shared among customers without customers having direct access to them. Cloud providers usually don’t provide a specific physical server for each customer. Public clouds involve shared resources, which increases the risk of data exposure due to vulnerabilities in neighboring cloud tenants.
  • Accidental data access and leakage is a significant threat in cloud storage, especially in multi-tenant environments. These terms refer to situations where sensitive or confidential data is inadvertently made available to unauthorized individuals or entities. Such incidents can have serious consequences for individuals and organizations, leading to privacy breaches, legal liability, reputational damage, and financial loss.
  • Third-party risk. Organizations using public clouds rely on the security practices of the cloud service provider, introducing concerns about the provider’s security posture. Organizations don’t have physical control over the cloud infrastructure and may have privacy concerns about the data stored there.
  • Scale of attack surface. The broader public cloud environment presents a larger attack surface compared to private clouds, making it more challenging to secure.
  • Dependency on provider. Organizations using public clouds might face difficulties in switching providers due to lock-in, affecting their control over data and resources.
  • Data residency and sovereignty. Data stored in public clouds might be physically located in various geographic regions, raising concerns about compliance with data residency and sovereignty regulations.


Private cloud security concerns

  • Physical security. In private clouds, organizations have more control over the physical infrastructure where the data is stored, reducing the risk of physical breaches. This greater control requires high responsibility because improper security configuration can lead to issues with data stored in a private cloud.
  • Network isolation. Private clouds are typically isolated from external networks, reducing the exposure to attacks from the public internet. However, if there is internet access or some data is shared with external resources, there is a risk of data breaches or infections if the network is not properly configured.
  • Insider threats involve a former worker, business partner, contractor or any other person with access to an organization's data or infrastructure misusing that access, for example by copying data for competitors or using the infrastructure for their own purposes. While still a concern, insider threats may be more manageable in private clouds since access is limited to authorized personnel within the organization.



How to Secure Cloud Storage

Securing cloud storage, whether in a public or private cloud environment, requires a comprehensive approach that combines technical controls, policies, and best practices. In this section, you can find an explanation of how to secure cloud storage in both public and private cloud settings.



Securing public cloud storage

Choose a reputable provider. Opt for well-established and reputable cloud service providers that have a strong track record in security and compliance. You should also:

  • Review the security practices of your cloud provider, including data encryption, access controls and incident response protocols.
  • Understand your provider’s shared responsibility model to know which security aspects they handle and which you’re responsible for.

Data classification. Classify your data based on sensitivity levels to apply appropriate security measures. Not all data needs the same level of protection.

Access control and authentication

  • Implement strong authentication mechanisms such as multi-factor authentication (MFA) to prevent unauthorized access.
  • Set up role-based access controls (RBAC) to ensure that users have the minimum necessary permissions.

By combining strong password management practices with multi-factor authentication, organizations can significantly reduce the risk of unauthorized access, data breaches and other security threats to their cloud storage systems. Users are required to provide something they know (password) and something they have (second authentication factor), creating a more robust and layered security approach.

Securing private cloud storage

  • Physical protection. Maintain physical access controls over your private cloud infrastructure to prevent unauthorized entry to data centers, and make sure attackers cannot reach your network from the premises, for example through an unsecured Wi-Fi network.
  • Network isolation. Use network segmentation and isolation techniques to separate the different parts of your private cloud, so that compromise of one segment does not expose storage networks or management interfaces. This reduces the attack surface and helps prevent unauthorized access, data breaches and network-based attacks.
  • Internal access control. Implement strict user access controls and authentication mechanisms to prevent unauthorized internal access. Use strong, unique passwords throughout the infrastructure, prefer encryption keys or certificates for service and administrative authentication, and rotate passwords periodically if your security policy requires it.
  • Vulnerability management. Regularly perform vulnerability assessments and penetration testing on your private cloud infrastructure to identify and address weaknesses. While public cloud providers patch software in their cloud infrastructure regularly and automatically, you should care about installing security patches in the private cloud.
  • Incident response. Develop an incident response plan to address security incidents and data breaches promptly and effectively.
  • Employee training. Provide training to employees on security best practices, emphasizing their role in maintaining a secure private cloud environment.
  • Configuration management. Maintain strict control over configurations to prevent misconfigurations that could lead to security vulnerabilities.



Security measures for both public and private cloud

Patch management. Keep cloud applications and operating systems up to date with the latest security patches to mitigate vulnerabilities. Ensure timely application of security patches and updates to all components of your private cloud infrastructure.

Network security. Use virtual private networks (VPNs) or equivalent private connectivity to establish secure connections to the cloud, protecting data during transmission. Implement firewalls and intrusion detection/prevention systems to monitor and control network traffic. Properly configured, these controls help prevent unauthorized access, DDoS and other network-based attacks.

Data encryption:

  • Data at rest. Use encryption mechanisms to secure data stored in the cloud, ensuring that even if unauthorized access occurs, the data remains unreadable.
  • Data in transit. Encrypt data as it travels between your local systems and the cloud servers using TLS (the successor to SSL, which should no longer be enabled).

Apply encryption to data at rest and in transit in both public and private cloud environments. Encryption adds an essential layer of security that helps mitigate the risks associated with cloud storage, including data breaches, unauthorized access and compliance violations. Organizations should treat encryption as a fundamental part of their cloud storage strategy so that data remains protected even in the face of new security threats.

Client-side encryption significantly enhances cloud storage security by allowing data to be encrypted on the client’s side (before being uploaded to the cloud) and only decrypted by the client with the appropriate decryption keys.

However, it's important to note that while client-side encryption offers heightened security, it comes with management complexity. Users must manage their own encryption keys; if a key is lost, the data it protects is permanently unrecoverable. Additionally, the cloud provider cannot search or index encrypted data, which affects features such as full-text search.
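To show what client-side (envelope) encryption looks like in practice, here is an added example that is not part of the original page or of any vendor product it mentions. Each object gets a fresh data key, the data key is wrapped under a key-encryption key (KEK) that stays with the client, and only the wrapped key plus ciphertext would be uploaded. To keep it runnable without third-party packages, ChaCha20 is implemented inline from RFC 8439 and paired with HMAC-SHA256 in an encrypt-then-MAC construction; in production you would use a maintained library's AEAD instead. The object name, plaintext and keys are constructed for the example, and the `try_decrypt` helper illustrates the key-loss caveat above: with the wrong KEK there is no way back to the data.

```python
import hashlib
import hmac
import os
import struct

# ChaCha20 (RFC 8439) on the standard library only, so this example runs anywhere.
# For production use a vetted AEAD (ChaCha20-Poly1305 or AES-GCM) from a maintained
# library; the pattern below (envelope keys, encrypt-then-MAC, AAD binding) is the point.
MASK32 = 0xFFFFFFFF


def _rotl(v, n):
    return ((v << n) & MASK32) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block from a 32-byte key, 32-bit counter and 12-byte nonce."""
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key) + (counter,) + struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):  # 20 rounds: 10 x (column round, diagonal round)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((w[i] + state[i]) & MASK32 for i in range(16)))


def chacha20_xor(key, nonce, data):
    """XOR data with the keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 64), start=1):
        keystream = chacha20_block(key, block_no, nonce)
        out += bytes(p ^ k for p, k in zip(data[offset:offset + 64], keystream))
    return bytes(out)


def _subkeys(key):
    """Derive independent cipher and MAC keys so one secret is never used for two purposes."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _mac_input(aad, nonce, ciphertext):
    return struct.pack(">Q", len(aad)) + aad + nonce + ciphertext  # length-prefixed AAD


def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag; aad is authenticated, not encrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(12)
    ciphertext = chacha20_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, _mac_input(aad, nonce, ciphertext), hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(key, blob, aad=b""):
    """Check the tag in constant time before touching the ciphertext; raise on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, _mac_input(aad, nonce, ciphertext), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    return chacha20_xor(enc_key, nonce, ciphertext)


def envelope_encrypt(kek, plaintext, object_name):
    """Client-side envelope encryption: a fresh data key per object, wrapped under the KEK.
    The returned record (wrapped key + ciphertext) is what gets uploaded; the KEK never leaves the client."""
    dek = os.urandom(32)
    aad = object_name.encode()
    return {"object": object_name,
            "wrapped_key": seal(kek, dek, aad),
            "ciphertext": seal(dek, plaintext, aad)}


def envelope_decrypt(kek, record):
    """Unwrap the data key with the KEK, then decrypt. Binding the object name as AAD stops
    a ciphertext from being silently moved onto another object in the bucket."""
    aad = record["object"].encode()
    dek = open_sealed(kek, record["wrapped_key"], aad)
    return open_sealed(dek, record["ciphertext"], aad)


def try_decrypt(kek, record):
    """Plaintext, or None when the key is wrong (lost KEK) or the stored data was altered."""
    try:
        return envelope_decrypt(kek, record)
    except ValueError:
        return None


if __name__ == "__main__":
    kek = os.urandom(32)  # in practice: from a KMS/HSM or a passphrase-derived key you control
    record = envelope_encrypt(kek, b"payroll export 2024", "backups/payroll.csv")
    print(envelope_decrypt(kek, record))
    print("lost KEK recovers:", try_decrypt(os.urandom(32), record))
```

Because the provider only ever sees `record`, it can store and replicate the object but cannot read, search or index it; that is exactly the trade-off the paragraph above describes, and it is why the KEK must be backed up as carefully as the data itself.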

Regular audits and compliance. Conduct regular security audits to assess the effectiveness of your security measures and ensure compliance with industry standards.

Regular monitoring and auditing. Set up robust logging and monitoring systems to detect and respond to suspicious activity in your cloud environment, whether public or private. Monitoring plays a crucial role in enhancing the security of cloud data storage by providing continuous visibility into the environment, detecting anomalies and enabling swift response to potential threats.

  • Continuously monitor your cloud environment for unusual activities using security information and event management (SIEM) tools.
  • Conduct regular audits to review access logs and ensure compliance with security policies.
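The monitoring advice above becomes concrete when detection logic is run over the storage access logs. The following is an added example, not code from the original page or from any SIEM product named on it: it parses a constructed JSON-lines storage access log (documentation-range IPs and made-up principal names) and applies three rules of the kind a SIEM correlation search would encode: a burst of access-denied responses from one address, a principal downloading an unusual volume of objects, and a principal appearing from an address outside its known baseline. The log format, thresholds and `RULES` table are assumptions for this example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _entry(ts, ip, principal, op, key, status, nbytes):
    return json.dumps({"ts": ts, "ip": ip, "principal": principal, "op": op,
                       "key": key, "status": status, "bytes": nbytes})


# Constructed JSON-lines access log for this example (documentation-range IPs, made-up names).
SAMPLE_LOG = "\n".join(
    [_entry("2024-03-01T09:00:00Z", "203.0.113.10", "svc-etl", "GetObject", "exports/a.csv", 200, 1200),
     _entry("2024-03-01T09:00:05Z", "203.0.113.10", "svc-etl", "GetObject", "exports/b.csv", 200, 1300)]
    # six access-denied probes from one address within seconds
    + [_entry(f"2024-03-01T09:10:{i:02d}Z", "198.51.100.7", "anonymous", "GetObject", f"backups/db{i}.bak", 403, 0)
       for i in range(6)]
    # a user pulling 25 large HR files from an address never seen before
    + [_entry(f"2024-03-01T11:00:{i:02d}Z", "192.0.2.44", "alice", "GetObject", f"hr/file{i}.xlsx", 200, 4_000_000)
       for i in range(25)]
)

RULES = {
    "denied_burst": {"window": timedelta(minutes=5), "threshold": 5},
    "bulk_download": {"window": timedelta(minutes=10), "max_objects": 20, "max_bytes": 50_000_000},
    "known_ips": {"svc-etl": {"203.0.113.10"}, "alice": {"192.0.2.20"}},  # per-principal baseline
}


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect_denied_bursts(events, window, threshold):
    """IPs with >= threshold access-denied responses in a sliding window: permission probing or credential guessing."""
    alerts, recent, fired = [], defaultdict(deque), set()
    for e in events:
        if e["status"] != 403:
            continue
        q = recent[e["ip"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["ip"] not in fired:
            fired.add(e["ip"])
            alerts.append(("denied_burst", e["ip"], f"{len(q)} denied requests within {window}"))
    return alerts


def detect_bulk_downloads(events, window, max_objects, max_bytes):
    """Principals reading an unusual number of objects or bytes inside the window: possible exfiltration."""
    alerts, recent, fired = [], defaultdict(deque), set()
    for e in events:
        if e["op"] != "GetObject" or e["status"] != 200:
            continue
        q = recent[e["principal"]]
        q.append((e["ts"], e["key"], e["bytes"]))
        while e["ts"] - q[0][0] > window:
            q.popleft()
        objects, total = len({k for _, k, _ in q}), sum(b for _, _, b in q)
        if (objects > max_objects or total > max_bytes) and e["principal"] not in fired:
            fired.add(e["principal"])
            alerts.append(("bulk_download", e["principal"], f"{objects} objects, {total} bytes within {window}"))
    return alerts


def detect_new_source_ips(events, known_ips):
    """First successful request a principal makes from an address outside its baseline."""
    alerts, baseline = [], {p: set(ips) for p, ips in known_ips.items()}
    for e in events:
        if e["status"] != 200 or e["principal"] == "anonymous":
            continue
        seen = baseline.setdefault(e["principal"], set())
        if e["ip"] not in seen:
            seen.add(e["ip"])  # alert once per new address, then treat it as seen
            alerts.append(("new_source_ip", e["principal"], f"first request from {e['ip']} at {e['ts'].isoformat()}"))
    return alerts


def analyze(log_text, rules=RULES):
    """Run every rule over the log; returns (rule, subject, detail) tuples for a SIEM or ticket queue."""
    events = parse_log(log_text)
    return (detect_denied_bursts(events, **rules["denied_burst"])
            + detect_bulk_downloads(events, **rules["bulk_download"])
            + detect_new_source_ips(events, rules["known_ips"]))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

Thresholds and baselines should come from your own traffic, not from this sample; the structure (parse once, sliding window per subject, fire once per subject per window) is what carries over to a real SIEM rule.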

Data backup and recovery:

  • Regularly back up your data and test the recovery process so that you know operations can be restored if data is lost.
  • Implement robust backup and disaster recovery solutions to ensure data availability and resilience in case of incidents.
  • Implementing backups for data stored in the cloud can significantly enhance cloud storage security by providing an additional layer of protection against data loss, breaches and unforeseen events. Backups involve creating duplicate copies of data and storing them in separate locations, ensuring data resilience and mitigating risks.
  • Maximize backup benefits with regular, automated backups, off-site storage, encryption, testing and retaining multiple backup versions. This comprehensive approach fortifies data resilience, reduces risks and bolsters cloud storage security.
  • Follow the 3-2-1 backup rule.

In both public and private cloud scenarios, security is an ongoing process that requires vigilance, adaptation to new threats and continuous improvement. It’s important to customize your security strategy based on your organization’s unique needs, the sensitivity of your data and the specific cloud deployment model you’re using.



Using NAKIVO Backup & Replication for Cloud Data Protection

NAKIVO Backup & Replication is a universal data protection solution that helps you protect your data in the public and private cloud. The NAKIVO solution supports backup of the following workloads, whether they run on-premises or in the cloud:

  • Amazon EC2 instances
  • VMware VMs
  • Hyper-V VMs
  • Microsoft 365
  • Oracle databases
  • NAS backup (SMB and NFS share backup)

Flexible options allow you to store backups and backup copies in different locations, including on-premises and in the public cloud, according to the 3-2-1 backup rule:

  • A local backup repository on a physical or virtual machine
  • An SMB or NFS share
  • Amazon S3 and other S3-compatible cloud storage, such as Wasabi
  • Azure Blob Storage
  • Backblaze B2 cloud storage
  • Tape
  • Deduplication appliances

In addition to that, NAKIVO Backup & Replication provides the Site Recovery feature to create complex disaster recovery scenarios and automate DR processes. The product also supports data encryption in transit and backup repository encryption.



Learn more about NAKIVO

iIT Distribution distributes and promotes NAKIVO in Ukraine, Kazakhstan, Georgia and Uzbekistan. We provide a full range of project management services. Fill out the feedback form on our website to get comprehensive advice from our highly qualified specialists on testing and implementing your chosen solutions in a real environment.


Cisco acquires Splunk, but how do you convince Splunk customers that Cisco has advantages

Articles and reviews

On September 21, Cisco announced its intention to buy Splunk for $28 billion in cash, its largest acquisition ever and fourth this year. This is a massive investment and win for Cisco from two perspectives: observability and security. Cisco’s full-stack observability platform could catapult into relevance against established competitors overnight. Similarly, on the security side, Cisco gains the leading security analytics platform on the market today with an incredibly loyal customer base.

Cisco also gets an added benefit from the Splunk acquisition by way of a recent addition to Splunk’s leadership team that may highlight its plans for generative AI. The acquisition brings with it talent, including Min Wang, Splunk’s chief technology officer. Appointed CTO of Splunk in June of this year, Min has been in technology R&D for 20 years and spent more than five years at Google leading a team responsible for the AI-driven Google Assistant. She is establishing the generative AI capabilities at Splunk to go beyond domain use cases and be open and extensible.

Read about the dynamics for security and observability with the Splunk acquisition below.


Splunk Is Good For Cisco, But Splunk Security Customers Are Wary

Splunk is one of the most ubiquitous and most frequently used security tools in enterprises today. The platform has consistently been named a Leader in the Forrester Wave™ for its flexibility and vast capabilities for alerting and compliance. Splunk also has an incredibly loyal set of users, which, more than anything else, serves as a fanbase for the brand. Security leaders struggle, however, with Splunk’s lack of innovation over the past several years and how costly the offering can become. Even the addition of alternative pricing models has done little to change that.

These factors add up to this acquisition being a massive win for Cisco’s security business. Most XDR vendors have shifted to having a SIEM or SIEM alternative offering in their portfolio. This acquisition positions Cisco to have both sides of the coin — detection and response focus in XDR with Cisco XDR, and flexibility and adaptability in a security analytics platform with Splunk. This solidifies Cisco as a key player in two massive markets: XDR and SIEM. The acquisition also helps position Cisco to better compete against the Cortex platform for security operations from rival Palo Alto Networks.


Security Practitioners Will Need To Be Won Over

As with most acquisitions, it’s not all sunshine and rainbows. What Cisco does with the Splunk product will determine if it’s a win for security practitioners. Cisco has long been a case study for acquisitions that don’t live up to their initial promise and suffer from underinvestment and a lack of focus. Security leaders know this. In fact, since this was announced, many have expressed concern that this pairing will degrade the quality of the SIEM that they’ve come to rely on more than any other SecOps tool.

That said, there are exceptions to this, such as how, in recent years, Cisco has maintained the Duo, Meraki and ThousandEyes acquisitions as standalones. To keep Splunk’s massive, loyal user base, Cisco needs to follow a similar model and let Splunk deliver what Splunk does best: a flexible, powerful SIEM offering (and the cool t-shirts and hoodies their loyal users love).

There will also be an opportunity to evolve the Cisco story for identity threat detection and response (ITDR). Earlier this year, Cisco acquired Oort, an ITDR startup. The combination of Splunk, Oort and Duo will allow Cisco to tell a differentiated ITDR story and gives the company a direction it did not previously have: identity security.


The Security Industry — And SIEM Market — Is Experiencing Massive Disruption

This acquisition signals a massive inflection point for the SIEM market. It is a concern for Splunk users who have a negative view of Cisco's role in security and of how it will affect Splunk's innovation.

This uncertainty will cause Splunk customers to explore alternatives, and we expect to see experimental deployments of other smaller security analytics players as backup. This will also be a boon for Microsoft Sentinel.

Microsoft is the biggest SIEM competitor to Splunk right now. Splunk customers will flock to or expand their Sentinel deployments as they hedge their bets between where Cisco takes Splunk and where Microsoft takes Sentinel.

Lastly, this shift in the market opens up an opportunity for XDR vendors with a SIEM replacement strategy like CrowdStrike and Palo Alto Networks to swoop in and push customers away from a traditional SIEM deployment. This is still early days for vendors and customers and requires a change in mindset to get right, which will hold certain teams back from making the transition in the short term.


Cisco Acquires Splunk To Increase Its Relevancy In An AIOps, Hybrid, Multicloud World

Splunk is a stalwart in the operational arena, used by enterprises across the globe in every industry. Its superior log management capabilities are entrenched in enterprises, but its observability features within its AIOps offering are what made it a Strong Performer in The Forrester Wave™: Artificial Intelligence For IT Operations, Q4 2022. The Splunk platform is trusted by practitioners to provide a complete service view, from back-end monitoring through end-user interactions.

Its loyal customer base openly praises its access to Splunk product teams, describing them as “always willing to listen to their suggestions.” Will this access to product leaders continue under the Cisco banner, or will it get cut off and initiate a Splunk customer revolt?

For Cisco, it gets a Splunk platform that currently surpasses Cisco’s recent announcement of its Full-Stack Observability (FSO) offering. FSO integrates Cisco products such as AppDynamics and ThousandEyes as well as third-party offerings to deliver business risk observability.

FSO will be bolstered by Splunk’s vast and highly regarded observability features, which are sure to fill many of the likely roadmap objectives that Cisco had for FSO. Additionally, Splunk’s strong cloud-based revenue stream adds to Cisco’s top line and helps its transition from hardware producer to operational software provider. With the acquisition, Cisco is also positioned to deliver offerings that support the convergence of operational observability with security, which is already underway.


AIOps And Observability Acquisitions Naturally Cause Hesitation

Splunk’s acquisition marks the fifth AIOps and observability vendor to change ownership in 2023 (the others include Sumo Logic, OpsRamp, Moogsoft, and New Relic). Practitioners are in for an interesting ride as they wait to see what exactly Cisco will decide to do with Splunk. Cisco observability offerings could migrate to the Splunk platform, or FSO could become the underpinning platform upon which the Splunk capabilities land.

Cisco could also choose to simply leave Splunk as a standalone offering in the same manner it did with Duo, ThousandEyes, and others. Each direction poses different challenges to practitioners who may need to learn new environments or change vast amounts of integrations.

Not surprisingly, purchases and strategic long-term project plans will be put on hold and more attention will be paid to finding alternatives until the direction of Splunk's future development becomes clear.


Cloud Migrations Are Transforming AIOps And Observability

The AIOps and observability vendor marketplace is shifting fast to meet the demands of enterprises that are moving workloads to the cloud. AIOps platforms such as Splunk with strong observability capabilities are needed to process the data and deliver AI-enriched actionable information.

Competitors such as Dynatrace, Datadog, and ScienceLogic will certainly look to capitalize on this transition period. Data-driven actions require high-quality data that has been correlated and analyzed for causality, something Splunk excels at and Cisco will soon possess. The addition of Splunk gives Cisco an expansive portfolio, and a strategic direction set by FSO makes Cisco a formidable opponent for established market leaders.

Technology leaders as well as AIOps and observability competitors will be watching this closely for any signs of delays or conflicts. Millions of dollars worth of decisions will be held up or redirected while the portfolios, leadership teams, and customer bases of these two organizations learn how to best work together.


Approach With Caution

Since Splunk will span two product groups in Cisco — security and observability — it runs the risk of being torn apart by internal forces. Operating it as a standalone will allow Splunk to serve both constituencies equally and continue growing and innovating. Splunk President and CEO Gary Steele reporting directly to Cisco Chair and CEO Chuck Robbins is a positive sign.

These markets and the vendors in them need the disruption that this acquisition will bring forth, but this all comes with a lot of uncertainty for practitioners.


LogRhythm is a convincing alternative

In the ever-changing cybersecurity landscape, we understand the importance of making informed decisions when selecting a security information and event management (SIEM) vendor.

In a time of uncertainty, more clarity is needed. As the article states, "this uncertainty will leave Splunk customers looking for alternatives," and LogRhythm offers a compelling alternative.

In light of these possible changes, LogRhythm may be a better choice for some organizations. Here are a few reasons why:

  • LogRhythm is an independent product that is not influenced by the development strategy of another company. This means that LogRhythm will continue to evolve in accordance with the needs of its users.
  • LogRhythm has a simpler architecture and user interface than Splunk. This can make it easier to use for organizations with limited resources.
  • LogRhythm offers a wide range of ready-to-use threat detection rules. This can help organizations detect and respond to security incidents faster.
  • LogRhythm offers more affordable prices than Splunk. This can make it a better choice for companies on a budget.
  • LogRhythm delivers consistent, effective innovation every quarter, meeting changing security needs with precision and dedication.

LogRhythm believes that SIEM is not just a tool, but a critical foundation for reliable cybersecurity. A SIEM is not a one-time project, but a journey to maturity that requires a lot of effort, critical thinking, and continuous improvement. The SIEM product and vendor are of particular importance in the ongoing fight against the ever-evolving digital threat landscape.


Learn more about LogRhythm


Get a reliable SIEM solution for your business today! iIT Distribution is the official distributor of LogRhythm solutions in Ukraine, Kazakhstan, Uzbekistan, Georgia, Azerbaijan, Estonia, Kyrgyzstan, Moldova, Tajikistan and Armenia. You can schedule a technical demonstration of LogRhythm and request a demo version of the solution using the form on our website.


CrowdStrike provides 100% coverage according to the MITRE Engenuity ATT&CK Evaluations: Round 5

Release

CrowdStrike has received the highest score in the last two consecutive MITRE Engenuity ATT&CK® Evaluations. The company achieved 100% protection, 100% visibility and 100% analytic detection in the Enterprise Round 5 evaluation, which it equates to stopping 100% of breaches. CrowdStrike also achieved the highest detection rate in the evaluation for Managed Security Service Providers.

However, interpreting Round 5 test results can quickly become very confusing due to the different representations of test results from each vendor. Unlike other third-party analytics companies, MITRE does not place vendors in a quadrant or on a graph, nor does it provide a comparative score. It leaves the interpretation up to each vendor and the clients themselves, which means you'll be inundated with news of "winning" scores.

In MITRE's evaluations there are no winners or leaders, only raw data on a vendor’s coverage against either a known or an unknown adversary. Without better guidelines and enforcement from MITRE, the results will continue to confuse customers, given the wildly different solutions being tested and approaches to the evaluation.

Evaluations like MITRE's can help clarify your choice. We use the evaluations to further sharpen the capabilities of the CrowdStrike Falcon platform, as well as to ensure our customers understand our point of view on cybersecurity: stopping the breach requires complete visibility, detection and protection that you can actually use in a real-world scenario.


How Should You Interpret the Results?

First, it’s important to understand the nuances of the two types of evaluations run by MITRE: open-book and closed-book tests.

Open-book testing for known attackers: The MITRE ATT&CK Enterprise Evaluations, such as the recent Round 5, give vendors months of advance notice on the adversary being emulated and their tactics, techniques and procedures (TTPs), and then measure for coverage in a noiseless lab environment.

Figure 1. CrowdStrike detects 143 (100%) steps during the MITRE Engenuity ATT&CK Evaluation: Enterprise Round 5 with high-quality analytics (Tactic and Technique)

Not all results are equal, which is hard to see in a comparative chart like this, as vendors have the opportunity to tune their systems in advance and apply configuration changes on-the-fly with teams of experts who may be working behind the scenes 24/7 during the testing period. For instance, we’ve seen vendors make updates to operating systems for the test, while others manually fix verdicts or add new context and detections.

Round 5 emulated Turla, which CrowdStrike classifies as VENOMOUS BEAR, a sophisticated Russia-based adversary. Given their advanced tactics, few vendors were able to identify all of their tradecraft, with the average visibility being 83%. High-quality analytic detection of Tactic and Technique were even less, with the average dropping to 66% — with CrowdStrike achieving full 100% coverage with analytic detections.

High-quality analytics are extremely important, as they provide insight into what an adversary is attempting to achieve and how they are attempting to achieve it. High-quality analytic detection provides the context that analysts need, letting them spend less time determining whether an alert is a true or false positive. With tactic and technique detections, security analysts can spend more time doing what matters: stopping breaches.

In a comparative chart like the one above, it isn’t possible to see if the capability provided is noisy annotated telemetry or important context added to a high-fidelity alert.

Closed-book testing for unknown attackers: MITRE’s Managed Security Services Providers test is a truer measure of how vendors will protect a customer in the real world, with no do-overs or chances to hunt for additional evidence. The only notification vendors receive in advance is a start date, with no visibility into the adversary being emulated or their TTPs. MITRE runs the test, and you get a coverage score.

Figure 2. CrowdStrike detected 99% of adversary techniques during MITRE ATT&CK Evaluations for Managed Security Services Providers.

To find the cybersecurity partner for you, it’s worth reviewing and correlating performance across many different tests that use different TTPs and force products to behave differently to find the true outcome of the platform. Ensure you look at the results of both open-book and closed-book tests, including those that measure false positives and performance, and know exactly what vendors did to achieve their results. Most importantly, make sure you can achieve those same outcomes in your enterprise. Sophisticated adversaries don’t provide the luxury of a heads-up, and customers won’t have potentially dozens of people working behind the scenes on their deployment in the real world.


Stopping Breaches Matters

Next, it’s critical to evaluate how effectively a vendor can stop adversaries without manual intervention. In the open-book Round 5 test, the average blocking rate was 86%, compared to CrowdStrike’s 100% protection. Even more important than the coverage is understanding how the scores were achieved.

  1. Did they use easily bypassed signatures or custom detections requiring prior knowledge?
  2. Are the analytic detections and protections high-fidelity and suitable at enterprise scale?
  3. How can I reproduce this result in my own environment?

For comparison, the CrowdStrike Falcon platform stopped 13 out of 13 scenarios without any specialized knowledge using advanced AI and behavioral analysis. This suggests that AI-based prevention will be just as effective in your environment as it was in the MITRE test.


How Do You Bring It All Together?

Ultimately, how the platform achieved its results is just as important as the coverage itself. With open-book tests like the Enterprise Evaluation Round 5, you can hire enough experts to manually add your own tagging, detection and context to achieve perfect coverage. That's why you'll see vendors shouting about their coverage from every loudspeaker: on the surface, many of them have succeeded.

All comparative charts, including those above, show only part of the picture. It is important to pay attention to the details: How you do it is as important as what you do. If you can't achieve results in your environment, it's just a number on a comparison chart. It cannot stop attackers and it cannot prevent breaches.

Ask your vendor, including CrowdStrike, how they achieved their results, and make sure they didn't rely on heroic manual effort that will never work in the real world. It's also important to understand exactly what the full bill of materials looks like to reproduce the results. Some vendors require complex point-to-point product deployments, others require an expensive combination of network security software and hardware, and still others require a significant investment in personnel.

Vendors that use special test configurations that cannot be replicated in a real production environment should be considered especially carefully. The CrowdStrike Falcon platform is always delivered via a single lightweight agent that is easy to deploy, easy to manage, and never requires a reboot. We strengthen cybersecurity, achieving better results with a much better ROI.

The company stands behind the quality of its platform and its coverage in both MITRE’s open-book and closed-book testing for known and unknown adversaries, providing true breach prevention for the real world.


iIT Distribution is an official partner of CrowdStrike, responsible for the distribution and promotion of its products in Ukraine, Kazakhstan, Uzbekistan, Georgia, Poland, Azerbaijan, Estonia, Lithuania, Latvia, Kyrgyzstan, Moldova and Tajikistan. We also provide professional support in the design and implementation of these solutions. Our team is always ready to provide our partners and customers with all the necessary information about each product and solution. We are also ready to answer all your questions and advise you on improving the efficiency of your IT infrastructure and ensuring its security.


Top 20 Shocking Data Breach Statistics for 2023

Articles and reviews

As we head into the second half of 2023, it's useful to reflect on data breach statistics, as it sheds light on the evolution of the threat landscape: which industries are most affected, and what long-term consequences data breaches can have for individuals and businesses. To provide you with a sober look at the state of data security, data protection provider Lepide has compiled the main trends that will shape the cybersecurity landscape in the coming year.


Data Breach Statistics for 2023

  1. Malware attacks are on the rise again: According to the 2023 Cyber Threat Report by SonicWall, there was a rise in malware attacks, marking the first increase since 2018. The number of attacks surged to 5.5 billion, representing a 2% year-over-year growth. However, it was the significant increase in cryptojacking and IoT malware rates that primarily contributed to this substantial rise.
  2. It takes 287 days to detect a data breach: According to IBM Security, the average time to detect and manage a data breach in 2021 was 287 days. The lengthy response time is due to increasing cyberattack sophistication, limited security expertise, and complex IT environments.
  3. 30% of all large data breaches occur in hospitals: According to recent data, a staggering 30% of all significant data breaches take place within hospitals. Additionally, 2022 witnessed an increase in data breaches for 51% of healthcare organizations compared to 2019. In just the first half of the year, a total of 337 breaches were recorded, adversely affecting 19,992,810 individuals and highlighting the urgent need for improved cybersecurity measures within the healthcare industry.
  4. Remote workers pose a greater security risk: Approximately 54% of IT professionals believe that remote workers pose a greater security risk than on-premise workers. The larger attack surface and differences in remote worker behavior combine to create far more substantial risks for enterprises.
  5. 94% of Malware is Delivered via Email: According to the Verizon report, after examining real-life data from 41,686 security incidents and 2,013 data breaches, they discovered that 94% of malware is distributed via email.
  6. 88% of data breaches are caused by human error: A study conducted by Stanford University and a leading cybersecurity institution reveals that human error is responsible for approximately 88 percent of all data breaches.
  7. The number of ransomware victims announced in March 2023 was nearly double that of April 2022: According to the 2023 Ransomware Landscape Report by Black Kite, the number of ransomware victims announced in March 2023 was almost twice the amount reported in April 2022 and 1.6 times greater than the highest month in 2022.
  8. 98% of organizations are linked to compromised third-party vendors: According to a study conducted by Black Kite, approximately 300 companies were affected by attacks on 63 vendor organizations in the year 2022. In comparison to the previous year, there were on average 4.7 affected companies per vendor in 2022, whereas in 2021 the average was 2.5 impacted companies per vendor.
  9. The United States has the highest number of breached accounts: So far in 2023, the United States has experienced the highest amount of compromised accounts, totaling 55.2 million. The majority of these breaches (49.8 million), occurred in the second quarter.
  10. Ransomware attacks increased by over 37% in 2023: According to the 2023 ThreatLabz State of Ransomware Report, there was a 37% rise in Ransomware attacks in 2023. The report reveals that the average ransom payment by enterprises surpassed $100,000, while the typical demand amounted to $5.3 million.
  11. 41.9m records were compromised in March 2023: According to IT Governance, there were 41.9 million compromised records worldwide in March 2023. These figures show a significant increase compared to March 2022, with a 951% rise in compromised records.
  12. Consumer and retail fraud in UK organizations has risen by 57% when compared to levels before the pandemic: According to a recent survey in England and Wales, approximately half of the adults reported receiving a phishing message in the month leading up to the survey. Scammers have taken advantage of significant events like the COVID-19 pandemic and the increasing cost of living to target individuals. Additionally, there has been a significant increase in online scams, such as advance fee fraud and consumer and retail fraud, due to changes in behavior caused by the pandemic.
  13. 40% of MS Office attacks were delivered as Word attachments: According to Astra Security’s research, Microsoft Office attachments are frequently used by cyber criminals to conceal malware. The study found that Word was the most popular choice, being employed in 39.9% of attacks, while Excel was used in 8.7% of cases.
  14. The UK’s finance sector has seen a significant increase in DDoS attacks: Data obtained under a Freedom of Information request from Picus Security showed that in the first half of 2022, 25% of cyber incidents reported to the FCA were related to DDoS attacks. This is a significant increase from last year's figure of 4%. The number of DDoS incidents reported to the FCA in March and April 2022 exceeded the total number for the whole of 2021. The rise in DDoS attacks can be attributed to the actions of hackers and state-sponsored hacktivists who have targeted Western countries because of Russian military aggression against Ukraine.
  15. Spending on public cloud services will reach nearly $600 billion in 2023: Gartner’s latest forecast predicts that total spending on public cloud services will reach $591.8 billion in 2023, marking 20.7% growth compared to the $490.3 billion in 2022. This growth rate is higher than the projected 18.8% increase for 2022.
  16. 30% of all malicious emails came from Russia: In 2022, the share of spam from Russia increased. The study showed that 29.82% of all malicious emails originated from this country, which is more than twice the rate of China, which is 14%.
  17. Security automation can save you $3.05M in a data breach: According to the latest IBM Cost of a Data Breach Report, organizations that implement security AI and automation can save $3.05 million per data breach compared to those that do not. This represents a 65.2% reduction in average breach cost. As cyber threats grow and evolve, being prepared for potential incidents is crucial, and AI and automation are essential tools in this ever-changing security landscape.
  18. 43% of cyber attacks are aimed at small businesses: Small and medium-sized businesses are experiencing a rise in cyber attacks. The Cost of Cybercrime Study by Accenture reveals that small businesses are targeted in 43% of cyber attacks, yet only 14% of them are adequately prepared to safeguard against such threats.
  19. 97% of all security breaches on websites exploit WordPress plugins: From 2012 to 2021, an estimated total of 47,337 harmful plugins were installed, with 94% of them being active on 24,931 various WordPress websites, all of which hosted two or more malicious plugins.
  20. 82% of breaches involved data stored in the cloud: Organizations should look for solutions that offer comprehensive visibility across hybrid environments and safeguard data as it transitions between various clouds, databases, applications, and services.


How Lepide Helps Prevent Data Breaches

The Lepide Data Security Platform stands as a reliable solution to fortify data protection and prevent potential breaches. Designed to ensure data security, the platform employs several key strategies.

  • Real-time Auditing: The platform keeps a vigilant eye on data activities across various systems, instantly pinpointing who accessed what data, when, and from where. This proactive monitoring helps identify suspicious actions that could lead to breaches.
  • Behavior Analytics: By studying typical user behavior, the platform can spot anomalies that indicate unauthorized access or data usage. This proactive approach enables the detection of threats before they escalate.
  • Access Control: The platform empowers administrators to implement stricter access permissions, confining users to the least necessary privileges. This curtails the risk of accidental or intentional data exposure.
  • Sensitive Data Handling: Automated scans classify data based on predefined rules, aiding in identifying sensitive information like personal or financial data. This data is then fortified with enhanced security measures.
  • Incident Response: In the event of a breach, the platform offers incident response capabilities to contain and minimize the impact. It generates alerts in real time, ensuring immediate actions can be taken.


The iIT Distribution is the official distributor of Lepide solutions in Ukraine. We provide full support in planning and implementing vendor solutions projects and strive to provide our customers with the best solutions for building a secure IT infrastructure.


How lifecell Leverages The Picus Complete Security Validation Platform to Safeguard Ukraine's Telecommunications Landscape

Release

lifecell, a leading Ukrainian telecommunications operator, is committed to delivering exceptional services to its customers. Recognizing the importance of information security and the escalating threat landscape in the wake of war in the country, the company embarked on a mission to enhance its security measures.

With over 8 million people relying on lifecell's services, the potential consequences of a cyberattack could be substantial, impacting its ability to provide uninterrupted services. As a result, lifecell wanted to ensure it was able to protect the sensitive data entrusted to them and sought a solution that would fortify their security posture.

Find out how lifecell overcame these challenges by using the Picus Complete Security Validation Platform to measure and verify the effectiveness of their security controls against the latest cyber threats.


Safeguarding a Distributed Workforce Amidst War and Employee Relocations


lifecell faced a unique set of challenges due to the critical situation prevailing in Ukraine. Due to the war situation, the company experienced a significant increase in attacks and other malicious activities. Furthermore, the circumstances forced many employees to relocate abroad, resulting in a drastically changed landscape for lifecell. As a result, protecting its distributed workforce became a critical priority.

With a reduced team size and an evolving security landscape, lifecell sought a solution that would reduce the effort required to validate and optimize the effectiveness of its existing security controls. It also aimed to be more proactive by identifying and mitigating threats as early as possible.

"In a challenging environment with a war situation and employee relocations, protecting our internal workforce became critical. Picus Security provided the solution to optimize our workload and address increased security risks effectively."

Stanislav Klevtsov

Information Security Engineer | lifecell


Picus Platform Revolutionizes Lifecell's Security Operations, Empowering Proactive Defense Against Real-World Cyber Threats


In response to their multifaceted challenges and the critical situation in Ukraine, lifecell actively sought a security validation solution that would provide it with the real-time insights it needed to keep its network security controls optimized and minimize the manual effort required to do so. Recognizing the need to shift from reactive to proactive security measures, lifecell chose The Picus Platform as their ideal solution.

"We recognized the demand for a solution that would enable us to proactively manage our security operations and optimize our workload. The Picus Platform emerged as an ideal choice, offering the capabilities we needed to address our security challenges effectively."

Implementing The Picus Platform introduced a new dimension to lifecell's security expertise. Previously reliant on reactive security controls, lifecell could now take a proactive stance. By simulating thousands of real-world cyber threats, The Picus Platform enables the company’s security team to quickly test its firewalls, web application firewalls and endpoint security controls against the latest threats.

"Thanks to the Picus Platform, we do not wait for something to happen. We are proactive and can check beforehand to ensure threats are not affecting us."

The automation capabilities of the Picus Platform have significantly reduced the time it takes to perform security validation. By automating security tasks, lifecell reduced its dependency on manual processes.

"The Picus Platform has helped us optimize our workload by automating security tasks, allowing our team to concentrate on more strategic security endeavors."

Another valuable aspect of The Picus Platform is its ability to identify security control gaps that vendors do not yet cover. In such cases, lifecell can raise requests with the individual vendors to ensure that any missing mitigating signatures are promptly released.

"One of the web application attacks provided by Picus triggered the failover of our web application firewall. Thanks to Picus tests, we found it out and we were able to contact the vendor and provide them with the necessary information about this threat."


The Result

  • Shift from Reactive to Proactive Security

By leveraging the proactive threat simulation capabilities of The Picus Platform, lifecell transitioned from a reactive security approach to a proactive one. This shift empowers them to test their controls against the latest threats as soon as they emerge, allowing for swifter mitigation and reducing the likelihood of security incidents.

  • Workload Optimization

The Picus Platform's automation capabilities have transformed lifecell's security operations, serving as a force multiplier for their small security team. With limited resources, lifecell struggled to allocate enough time for manual validation and optimization of its security controls.

Following the implementation of The Picus Platform, lifecell has been able to continuously strengthen its defenses, eliminating the need for constant manual assessments. The platform significantly reduced the time required for security tasks, enabling the team to prioritize high-priority strategic security initiatives.

  • Enhanced Threat Readiness

Lifecell highly values The Picus Platform's exceptional threat coverage and up-to-date threat library. Regular platform updates ensure lifecell remains at the forefront of security practices, consistently adapting to emerging threats.

  • Vendor Collaboration and Issue Resolution

The Picus Platform's comprehensive testing capabilities played a crucial role in identifying coverage gaps unsupported by security control vendors. This enabled lifecell to promptly notify vendors, provide detailed information about the threats, and work together to address the issues effectively.

  • Assurance and Quantifiable Security

With the Picus Platform, lifecell gains a high level of assurance that its security controls are functioning as expected. By conducting simulations and assessments, lifecell can validate the effectiveness of its security measures and ensure they are adequately protecting its systems and data. The platform provides concrete evidence and quantifiable metrics that demonstrate the robustness of its security posture. Furthermore, the results of these simulations can be easily shared with stakeholders through weekly and monthly reports. This transparency allows lifecell to demonstrate the ongoing effectiveness of its security measures, provide visibility into the security landscape, and foster trust among stakeholders, including customers, partners, and regulators.

  • Compliance

Lifecell recognizes the importance of its compliance with the latest regulations and standards in the telecommunications industry. With the Picus Platform, lifecell can ensure the ongoing effectiveness of its security controls, a crucial aspect of maintaining compliance. The platform's continuous monitoring and validation capabilities enable lifecell to assess its security posture against industry best practices and regulatory requirements. By regularly evaluating and optimizing their controls, lifecell can demonstrate its commitment to meeting compliance obligations, protecting sensitive data, and maintaining the trust of customers and regulators.


iIT Distribution, as the official Picus Security distributor in Ukraine, made every effort to ensure the successful implementation of the system. Together with our partner CS Consulting, we provided the technical support and advice the customer needed to implement the project quickly and efficiently.

We are grateful to Picus for their advanced technology and professionalism. Working with such strong partners was a key factor in making this project a success.


Effective communication: Email vs. Instant Messaging?

Articles and reviews

Can you imagine working without email? You’re not the only one who can’t: for decades, email has been an integral part of corporate communication. Even though several other online communication services have emerged since the first email was sent in the 70s, many studies have shown that email still is the most used communication channel. So why should it be replaced or complemented with instant messaging?


Text Messages Are More Likely to Be Read

It’s not unusual to have countless unread emails waiting in the inbox, whereas new messages on the smartphone rarely stay unread for a long time. According to a study by Gartner, the opening rate is 98% for text messages and 20% for emails. In regard to the response rate, the stats are similar: while 45% of all text messages get a response, only 6% of all emails are answered. Due to the daily flood of emails, it’s easy to overlook important information. Long story short: with text messages, you reach recipients faster, and information is more likely to be read than when sent via email.


Not Secure Enough to Exchange Sensitive Information

By default, the email exchange between sender and recipient is not end-to-end encrypted. This means that emails can potentially be intercepted, read, and even manipulated – a considerable risk for companies, especially when sensitive business data is transmitted. The business messenger Threema Work end-to-end encrypts not only text messages but also calls and files to make sure confidential information doesn’t end up in the hands of third parties.

Another risk for companies is cyberattacks via email: according to a Verizon study, email is used in around 96% of all phishing attacks. With malicious links and fake websites, attackers try to obtain logins and other sensitive data. Threema Work considerably reduces or completely eliminates this risk: administrators can define in advance that employees may only be contacted by company members or selected external parties. The verification level additionally indicates whether a chat partner is an internal or external contact, which provides effective protection against phishing.


Instant Messengers Are Established in the Private Sphere

Almost everyone has at least one instant-messaging app on their smartphone to communicate with friends and family members. Exchanging information via chat is effortless and convenient, and so many people are also using their private chat app for business purposes in addition to email. However, regular messaging services don’t comply with current data-protection regulations such as the GDPR, which could lead to financial consequences for a company. The solution is a dedicated instant messenger for work-related matters: users are already familiar with the tool, and requirements for secure corporate communication are met.


Easily Accessible Communication

Sending a message via email is an easy task on the computer. On the smartphone, however, email clients are not as easy to handle, and HTML emails and long threads can quickly result in unwieldy conversations. While attachments in emails often exceed size limits, it’s no problem to send large files and documents via Threema Work. Thanks to the web-client / desktop app, they can also be opened on the computer. If writing down an idea or thought takes too much time, voice messages or a call are the ideal alternative. And since the app is installed on the smartphone, mobile workers can be reached just as easily as those with a permanent workstation.

Despite insufficient security and a lack of efficiency, email plays (and will continue to play) a significant and indispensable role in corporate communication. For secure exchange of business data, more flexibility, and faster communication, however, it’s worth introducing a dedicated business messenger like Threema Work.


Learn more about the Threema solution


The iIT Distribution is an exclusive VAD distributor of Threema solutions. Our experts will provide full professional support in the implementation of the Threema Work application and other vendor solutions.
