New infosec products of the week: October 16, 2020

Cyborg Security launches HUNTR platform to help orgs tackle cyber threats

Cyborg Security’s HUNTR platform provides advanced and contextualized threat hunting and detection packages containing behaviorally based threat hunting content, threat emulation, and detailed runbooks, supplying organizations with what they need to evolve their security analysts into skilled hunters.

Cloudflare One: A cloud-based network-as-a-service solution for the remote workforce

As more businesses rely on the internet to operate, Cloudflare One protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure. Now businesses can protect their workforce in a flexible and scalable way, without compromising security as distributed teams work from multiple devices and personal networks.

Booz Allen Hamilton unveils SnapAttack, bringing together red and blue security teams

By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

BAE Systems unveils cyber-threat detection and mitigation solution for U.S. military platforms

The Fox Shield suite is designed to help platforms detect, respond to, and recover from cyber attacks in real time. The system’s cyber resilience capabilities can be integrated into ground, air, and space vehicles to protect our warfighters and platforms from cyber attacks designed to access and degrade mission capabilities.

Shujinko AuditX: Simplifying, automating and modernizing audit preparation and compliance

AuditX automates evidence collection, maps evidence across multiple controls and across different standards, streamlines audit workflow and clarifies communication across teams and with auditors. AuditX organizes evidence in a centralized library for final readiness review and provides a 360-degree dashboard to make the entire process highly visible and predictable.

Masergy extends the value of Masergy SD-WAN Secure to home and mobile users

Masergy’s Work From Anywhere solutions include SD-WAN Secure Home for executives and power users requiring unwavering reliability from their home office connections and SD-WAN On the Go for mobile users needing secure access to corporate and cloud applications.

C2A Security launches AutoSec, an automotive cybersecurity lifecycle management platform

C2A Security announced the launch of its flagship cybersecurity product, AutoSec, a cybersecurity lifecycle management platform. AutoSec meets the rapidly-evolving challenges of vehicle cybersecurity with an open platform that empowers industry stakeholders to identify and mitigate cyber attacks.

Booz Allen Hamilton unveils SnapAttack, bringing together red and blue security teams

Booz Allen Hamilton announced the availability of SnapAttack—a cloud-based software solution that brings together actionable threat intelligence and hacker detection.

By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

Today’s red and blue teams use multiple, siloed products for key functions like threat intelligence, incident detection and response, breach and attack simulation, and continuous monitoring, causing them to struggle to keep up with the latest threats and attack methods.

Compounding the issue, cybersecurity analysts experience alert fatigue from the high volume of alerts they receive, many of which are false positives. In fact, 93 percent of organizations reportedly receive more than 5,000 alerts per day, but on average, security teams only investigate 51 percent of these alerts.

“We built SnapAttack to satisfy a critical need to help our own red and blue teams collaborate more effectively. This approach continually increases our confidence in detecting sophisticated threats through threat hunting and improving our defenses in support of clients worldwide,” said Garrettson Blight, Booz Allen’s Director of Dark Labs.

“We’re now offering this product, born out of Booz Allen’s expertise in commercial and nation-state-level cyber operations, to help our clients do the same.”

As a cloud-based software solution, SnapAttack is always up to date. New attack techniques and analytics are regularly pushed to subscribers, but advanced teams can harness the full power of the platform to create their own attack techniques and analytics based on internal threat intelligence.

With SnapAttack, security teams can:

  • Centralize offensive tradecraft: Capture and organize the latest adversary tradecraft—from their own internal threat data or Booz Allen’s ever-growing attack database—in an easily digestible and actionable way. This helps security teams gain confidence in their organization’s ability to prepare for, prevent, and detect emerging threats. Today, there are more than 1,000 attacks catalogued in the SnapAttack database—and counting.
  • Improve detection with existing tools: Use Booz Allen’s advanced analytic builder to create, test, and deploy high-quality behavioral analytics for their existing security tools. Reduce the time and skill level needed to create new detection logic that has higher confidence and lower false positives, and is more robust to attack variants.
  • Measure and reduce risk: Validate their security controls—such as antivirus, endpoint detection and response, and custom security information and event management (SIEM) alerts—against true positive attacks, mapped to the industry standard MITRE ATT&CK framework. Track detection coverage and gaps, and gain quantifiable evidence of a program’s effectiveness.

“SnapAttack addresses the needs of CISOs and SOC leads to deploy proactive, preventive security measures that continuously test cyber defenses to get ahead of attacks by identifying and addressing potential vulnerabilities and control gaps before the adversary can,” said Brad Medairy, a Booz Allen Executive Vice President and leader of the firm’s cybersecurity and engineering business.

“This tool is a culmination of years of offensive and defensive cyber operations experience – consistently defeating advanced persistent threats.”

Designed to improve the detection of malicious behavior at the endpoint, SnapAttack supports the top endpoint detection and response (EDR) vendors in the marketplace.

How to govern cybersecurity risk at the board level

Rapidly evolving cybersecurity threats are now commanding the attention of senior business leaders and boards of directors and are no longer only the concern of IT security professionals.

A report from University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) and Booz Allen Hamilton uses insights gleaned from board members with over 130 years of board service across nine industry sectors to offer guidance for boards of directors in managing cybersecurity within large global companies.

Board members just getting started with oversight of cybersecurity

The report reveals that, while many boards regard cybersecurity risk as an “existential threat,” they are not confident they have the information and processes in place to provide effective governance in this high-stakes area of oversight.

Board members largely agree they are just getting started with oversight of cybersecurity and believe the cyber risk environment is not stabilizing or likely to do so in a predictable way over the next few years.

At the same time, boards are wrestling with difficult questions, including whether cyber risk should be addressed as a central part of overall business strategy discussions, and whether it should figure prominently in board-level investment or merger-and-acquisition decisions.

“Until very recently, it was uncommon for boards of directors to address cybersecurity risk in a regular and disciplined fashion,” said Bill Phelps, a Booz Allen executive vice president and leader of the firm’s U.S. Commercial business.

“Today, boards feel a deep sense of urgency to exercise a central role in improving their firm’s cybersecurity posture through enterprise-level governance and oversight.”

Govern cybersecurity risk

The report identifies four “dynamic tensions” likely to shape board governance and oversight of cybersecurity. These include an organization’s overall risk model or mindset, distribution of cybersecurity expertise on the board, balance between cooperation and competition with other enterprises, and the model for information flows between management and the board.

The report asserts that, in the context of fast-changing regulatory, competitive, and cyber-threat environments, a board should identify its position across these tensions; develop a shared understanding with management about the pros and cons of its position; reevaluate its position regularly to assess the need for changes or upgrades; and grade itself for effectiveness and adaptability.

Key areas of agreement among boards

The report also identifies several key areas of agreement among boards that are shaping perspectives and decisions about where to go and how to begin, including:

  • Cyber risk is no longer confined to a set of operational decisions to be left solely in the hands of IT management;
  • Standard board governance frameworks are not specific enough to create an operational model for cyber risk given the dynamic nature of the threat; and
  • Industry sectors differ in their overall exposure and relative sophistication around cyber risk.

While the report affirms there is “no governance template for cyber that can be applied across sectors and level of exposure,” it offers several recommended actions that boards can take to ensure resilient governance from the top, thereby improving a company’s ability to keep up with new and existing cyber threats.

Booz Allen Hamilton announces support for AWS Outposts

Booz Allen Hamilton announced that it has capabilities to support AWS Outposts—fully managed and configurable compute and storage racks built with Amazon Web Services (AWS)-designed hardware that allow customers to run compute and storage on premises, while seamlessly connecting to AWS’s broad array of services in the cloud.

As an AWS Outposts Partner, Booz Allen has been trained and vetted in delivering positive customer outcomes at scale through re-architecting complex workloads to run on AWS operations.

There are AWS customers today that have certain workloads that will likely need to remain on premises for several years, such as applications that are latency sensitive and need to be in close proximity to on-premises assets.

These customers want to be able to run AWS compute and storage on premises, and also easily and seamlessly integrate these on-premises workloads with the rest of their applications in the cloud.

Until now, customers lacked the same APIs, the same tools, the same hardware, and the same functionality across on premises and the cloud to deliver a truly consistent hybrid experience.

AWS Outposts solves these challenges by delivering racks of AWS compute and storage—the same hardware used in AWS public region data centers—to bring AWS services, infrastructure, and operating models on premises.

As an AWS Outposts Partner, Booz Allen is able to help AWS customers overcome challenges that exist due to managing and supporting infrastructures both on-premises and in cloud environments to deliver positive outcomes at scale.

“We’re approaching a new time where we’re not going to be worried about which region our data is sitting in,” said John Pisano, principal and digital cloud lead at Booz Allen.

“Instead, an ecosystem of devices operating from fixed locations to the edge will take over—whether it’s on the battlefield or in the banking system. AWS Outposts combined with our tactical cloud and edge processing capabilities provides this end-to-end ecosystem for our client’s data regardless of where their data sits.”

The addition of AWS Outposts will aid Booz Allen in achieving the company’s mission of providing clients with best-in-class cloud-based architectures and developing new capabilities that push decision making to the edge, providing near real-time, actionable intelligence.