The Gately Report: Cybereason Helps MSSPs Provide Unified Security, Details Massive Espionage Ring
Also, Hornetsecurity announces its latest acquisition and MarketsandMarkets gives a sunny forecast for cloud security.
Channel Futures: Can you talk more about Operation CuckooBees? Who’s been targeted and what sort of damage has been inflicted?
Cybereason’s Israel Barak: The research highlights essentially a global espionage campaign that dates back to at least 2019. Based on the evidence that we uncovered … a Chinese state-sponsored actor that is dubbed Winnti or APT 41 targeted manufacturers in North America, Europe and Asia, specifically in the defense and aerospace, energy, biotech and pharma sectors. And the goal of that operation was basically stealing sensitive documents, blueprints, formulas and manufacturing-related proprietary data. As we were investigating that incident, we actually saw in some of those enterprises that adversary was targeting.
CF: What is Operation CuckooBees trying to accomplish?
IB: Essentially what they were looking for is core intellectual property, core research, core manufacturing procedures in these organizations. Over the years, we believe that the potential damage that they’ve done to these economies and to these companies, if you consider the potential future losses from that stolen intellectual property, is likely in the trillions of dollars both on lost intellectual property and lost revenue. We briefed both the FBI and the Department of Justice on this research, and provided all the details that we were able to uncover on this specific operation. The bottom line, this is really a form of economic warfare that is very much still ongoing.
CF: Is this threat still out there? Are organizations still being targeted?
IB: Yes, that attack group, specifically APT 41, is … considered the king of intellectual property theft, especially as it relates to nation-state operations. And they’ve been active nonstop over the years. I think uncovering never-seen-before methods of operations that they were using will likely help us uncover other operations that they’re still executing. But this group has been doing nonstop intellectual property theft from these regions over the years. And there’s really no reason to think that they will stop at any point until there are more significant deterrents in place.
CF: What should organizations be doing that they’re not doing to protect themselves from this industrial espionage ring?
IB: So the first thing when you think about this particular incident, it’s important to understand who this adversary is. This is a very sophisticated nation-state adversary. Many of those that were impacted by this specific adversary need to internalize, but also others in the industry need to first and foremost develop the awareness that these adversaries are going after them. Sometimes there are a lot of organizations that think, ‘Why would I be targeted by a nation-state adversary? I don’t really have anything that’s super important for them.’ The reality is that in some nation-states and China, one of those organization’s manufacturing information is important to their economic growth as a nation-state interest. And so they aim a portion of their nation-state cyber offensive against these organizations that they need to take intellectual property from. And sometimes there’s also the lack of awareness on what will it actually mean to me if my intellectual property is stolen. It’s not ransomware; no one’s shutting down my operation. People just stole the know-how, my proprietary know-how for what I do, how I do the things I do right. The implications of that are actually far greater than just the ransomware because it cuts off the branch that the organization is sitting on for years to come.
The second thing is the traditional perimeter security controls that you often see in manufacturing environments are not going to be able to hold these guys out for long and they’re going to find their way in. And the question becomes, how good is your security program? People, tools and processes, and finding that breach very early and removing the adversary from the network very early because stealing intellectual property takes time. It’s not a matter of minutes. You need to spend a lot of time in that network to find that intellectual property, understand where it is, understand how to gain access to it and then over time take it.
CF: How are partners benefitting from Cybereason XDR?
IB: When we speak to MSSPs, they’re trying to improve their operational efficiency. They’re trying to gain competitive advantage. There’s an overflow of services in the market and they’re trying to be extremely competitive. And one of those key areas where they’re trying to improve is really about bridging those visibility and response gaps between these disparate or siloed security technologies. When they go to offer a service, prospects or customers have dozens, sometimes more than dozens of different network controls, endpoint controls and cloud controls in their network. The question is, how do you bridge all these siloed pieces of security into a single, cohesive value delivery process in the MSSP? And this is one of our main drivers in enabling MSSPs to resolve that by really consolidating the DFIR, the EDR, the XDR and the MDR support as a single platform so they can land with a single tool that can essentially take over all these defense siloed use cases, unify them all, and help them drive one efficient process to deliver security value very quickly and dramatically reduce the cost for the partner to deliver that service and hence, dramatically increase the margins of the service.
CF: Last fall, Google Cloud invested $50 million in Cybereason. In addition, Cybereason raised $275 million last summer. How are Cybereason and its partners benefitting from that funding?
IB: When you look at the goals for what we’re trying to do as a company, we’re continuing to build the business, obviously ramping up and adding new customers and really strengthening the relationships with MSSPs and others in our partner ecosystem. And that’s really where we’re leveraging that funding to gain a lot more momentum in the market, to gain a lot more visibility, and enabling our partners to be more successful and penetrate the market in a better way with us.
CF: What can partners expect from Cybereason for the remainder of 2022?
IB: As a company, obviously we’re focusing on continuing to build the business, to add new customers and really strengthen the relationships with our MSSPs and others in our partner ecosystem. Both on a company level and on a personal level, I think this year and especially the second half of it marks the world transitioning out of COVID-19 mode. It’s really about getting back to meeting each other and our defender communities in person, which I think is a wonderful opportunity to continue to build and strengthen our relationships with our partners and really double down on our engagement with the vendor communities in terms of making the Cybereason brand a lot more visible in the market, and by that, providing our partners a lot more air cover in the sense of leveraging the Cybereason solution.
And in this context, we’ve recently launched the XDR tour, which is a national series of in-person events put together to enable our customers and partners to experience the value of the Cybereason XDR platform. And we’re obviously looking forward to having a very large presence in the upcoming RSA Conference in San Francisco, and really a wide variety of other local and national events, both remote and in-person.
In other cybersecurity news …
Hornetsecurity, a global email cloud security and backup provider, has acquired IT-Seal, a security awareness training company.
This is the latest in a spate of growth-boosting acquisitions by Hornetsecurity since 2019, when the company purchased Spamina, a Spanish cloud email security solutions provider, followed by its British market partner, EveryCloud, in 2020. The company has grown to an international network of more than 5,000 channel partners in recent years.
Located in Germany, IT-Seal offers technologies to train employees at businesses and organizations worldwide. The company uses a security awareness indicator to make security awareness measurable and comparable.
Daniel Hofmann is Hornetsecurity’s CEO.
“This was a strategic acquisition to add another dimension to the comprehensive email security and backup solutions we provide,” he said. “Apart from protecting customers against threats and giving them recovery options should disaster strike, Hornetsecurity will now also help them to build IT security awareness among their employees in a fast and easy way through IT-Seal’s automated approach to training. Organizations will also be able to compare their security levels thanks to IT-Seal’s patented technology, helping them gauge their preparedness against cyberthreats.”
The ability to attain multiple solutions from a single vendor reduces complexity, adds efficiencies, and makes life easier for MSPs and VARs, as well as for end customers, Hofmann said.
“Hornetsecurity’s cloud-based approach and user-friendly control panel also permits the management and monitoring of various functions in one central location,” he said. “This saves time and effort. The addition of tried-and-tested IT security awareness training builds on this approach and maximizes the benefits it provides.”
For cloud security providers, the future’s so bright, they gotta wear shades. That’s because the global cloud security market is expected to grow from nearly $41 billion in 2021 to $77.5 billion by 2026.
That’s according to a new report by MarketsandMarkets, which expects a compound annual growth rate (CAGR) of 13.7% through 2026. Major growth drivers include the increasing number of security breaches and cyberattacks on cloud infrastructure, and strict regulatory compliance requirements that accompany the adoption of cloud services.
Major cloud security vendors include Amazon Web Services (AWS), Microsoft, Google, IBM, Cisco, Check Point Software Technologies, Palo Alto Networks, Fortinet, Sophos, Trend Micro, Proofpoint and more, according to the report.
Based on region, the cloud security market should register a higher growth rate in three regions: Europe, APAC, and Middle East and Africa (MEA). That’s due to increasing adoption of cloud-based technologies, leading to a subsequent rise in the number of online threats.
The APAC market should grow the fastest due to the increasing number of cybersecurity threats faced by companies in this region, stringent regulatory compliance requirements and increasing penetration of cloud services and solutions among SMEs and large enterprises.
Cybersecurity is becoming a global issue for everyone from individuals to large enterprises, MarketsandMarkets said. Cloud security is expected to advance the landscape for improving the overall security of large enterprises and SMEs. The large enterprise segment is expected to be the biggest. Many large enterprises are readily incorporating cloud security services into their networks because of the large amount of private enterprise information being stored in the cloud.
Many SMEs proactively use cloud services to manage their workload due to low-cost installation and maintenance benefits.
SpiceJet has been hit with a ransomware attack that has caused flight delays ranging from two to five hours, unavailable online booking systems and inaccessible customer service. While SpiceJet’s IT team was able to thwart the attack before it fully took over, customers and employees are still experiencing the ramifications.
This attempted attack follows a January 2020 data breach that reportedly allowed an unauthorized individual to access a database backup file on one of the airline’s poorly protected servers, resulting in the exposure of 1.2 million passengers’ personal information.
Josh Rickard is security automation architect at Swimlane.
“Although SpiceJet was able to curb this attack before it was able to take over fully, most of the time organizations faced with similar cyberattacks aren’t so lucky, and even so, consequences still stand,” he said. “In this case, customers of the second-largest airline in India have taken to social media to express concerns over severely delayed flights and other online access issues. SpiceJet is fortunate that these are the extent of their problems. Had systems been fully breached, they could be facing more severe ramifications consisting of exposed data, systemwide outages and reputation damage.”
To ensure that organizations are prepared to defend against similar cyber incidents, it’s essential that security and IT teams have full visibility into their environments, Rickard said.
“Leveraging low-code security automation allows these teams to respond to threats in real time to limit the consequences of these attacks, as well as to minimize the chance of human error within IT processes by centralizing and automating detection, response and investigation protocols into a single platform,” he said.
Netenrich this week unveiled its new MSSP-focused security operations center (SOC), which aggregates and correlates security and operations data across networks, clouds and applications to prioritize and rank the most critical issues and behaviors.
Data analysis and artificial intelligence/machine learning (AI/ML) determine the top actions to immediately take, scored by risk ranking and data-driven contextual intelligence.
The resolution intelligence platform integrates with Google Chronicle to bring volumes of security data into the platform’s ActOn Data Lake, as well as other data assets for analysis. The platform applies correlation, rules management and threat analysis to deliver prioritized actionable insights and situational awareness.
Raju Chekuri is Netenrich’s CEO.
“Any organization that needs to operate at service-provider scale must drive towards business resilience across all digital operations,” he said. “MSSPs, MSPs and other service providers that want to gain significant traction in transforming their clients’ operational efficiency also need to build high-quality recurring revenues.”
The platform drives resilience with a RiskOps and operational data analytics approach to secure digital operations, Chekuri said. Partners and their customers will reach new levels of operations excellence at scale and speed.
Cybereason is focusing on helping MSSP partners and others bridge siloed security technologies to create unified protection for their customers.
That’s according to Israel Barak, Cybereason’s CISO. Earlier this year, Cybereason launched its new Pay As You Grow (PAYG) program for MSSP partners, providing financial flexibility to increase margins and profitability.
This month, Cybereason announced new incident response (IR) and professional services subscription bundles. They include services to help organizations measure and optimize their security program. They’re packaged with unlimited IR services that identify, contain and remediate malicious cyber incidents.
“Essentially IR shops and IR service providers can dramatically reduce their cost for best-in-class IR delivery,” Barak said. “They can scale the IR operation and they can streamline the conversion of IR engagements into an ongoing subscription-based managed detection and response (MDR) business.”
One of the core areas of focus of the IR solution is to augment the Cybereason extended detection and response (XDR) platform and provide defenders with a unified incident detection and response platform, he said.
Incident responders and IR providers can gain a combination of visibility and threat analytics, Barak said. That’s based on both real-time and forensic data from a single tool. It automates the digital forensics and incident response (DFIR) processes.
“And by that, they can simplify and increase the efficiency, productivity and scale of their process,” he said.
In addition, Cybereason has been making big headlines for its threat research. For instance, it recently uncovered a massive China-based industrial espionage ring dubbed Operation CuckooBees.