|
Announcements Metron Partners with Google to support Google SecOps Certified Integrations and Automation: In this partnership, we will support integration development with Google’s SIEM product and also support automation services for its SOAR platform. To read more on the Google SecOps platform, you can check out their official documentation.
Recent Coverage: We were recently featured on HPE's podcast, where they provided deep insights into architecting scalable integrations, deployment, and driving automation in the cybersecurity space. The discussion provides an overview of our development philosophy, the company’s mission, and our technical approach to supporting the customer and partner ecosystem.
|
| | Harness the power of Google SecOps and streamline your integrations with cutting-edge automation. If you're interested in building similar integrations, feel free to reach out to us at connect@metronlabs.com! |
| | Palo Alto Completes its Acquisition of IBM QRadar SAAS
Following up on a topic we discussed in a previous newsletter, Palo Alto Networks has completed its acquisition of IBM's QRadar Software as a Service (SaaS) assets. This move should strengthen Palo Alto Networks' cybersecurity offerings by integrating QRadar's capabilities with their Cortex XSIAM platform powered by Precision AI.
What it means for QRadar customers:
Simplified Security Operations: The combined platform integrates SIEM, SOAR, ASM, and XDR functionalities, streamlining threat detection and response processes. Enhanced Threat Prevention: Real-time analytics and AI-powered automation improve threat accuracy and reduce manual workloads for security teams. Continued Support: IBM will continue to support existing QRadar on-premises customers and even implement Cortex XSIAM for their internal security operations.
QRadar SaaS customers should be able to benefit from a seamless transition to Cortex XSIAM through the free migration services offered by IBM Consulting.
For QRadar integrations, our team at Metron will both develop new ones and migrate existing QRadar integrations from QRadar SaaS to their on-prem instances. We may also end up developing integrations for Cortex XSIAM if they choose to do so rather than migrating over to the existing PAN XSIAM platform. In any event, the PANW team will provide support for the QRadar SaaS to XSIAM migration.
|
| | Highlights from Fal.Con 2024
We were fortunate to attend this year’s Fal.Con in Las Vegas back in September. Below are some of the top announcements from this yearly conference: CrowdStrike unveiled Falcon Identity Protection at Fal.Con 2024. Some of the key highlights of this platform include: Unified Identity Security Solution: Falcon Identity Protection helps address identity security challenges by offering comprehensive protection for endpoints, applications, and data. Enhanced Entra ID Protection: New capabilities that should provide real-time threat prevention, dynamic access decisions, and hybrid risk-based conditional access for Microsoft Entra ID. Falcon Privileged Access: Just-in-time access for privileged administrator roles will likely help reduce the attack surface and enhance overall security. Leverages Falcon Platform: The solution will utilize and integrate with the existing Falcon platform.
For existing Entra ID users, this platform offers:
Real-time Protection: Falcon Identity Protection should sit in line with Entra ID authentication flows, providing more-or-less immediate protection against identity-based attacks. Advanced Threat Detection: Leveraging user behavior analytics and risk-based access decisions, Falcon Identity Protection can likely detect and prevent sophisticated attacks that may evade traditional security measures.
CrowdStrike announced significant advancements in Falcon Cloud Security at Fal.Con 2024. These innovations appear to be aimed at uplifting their cloud security offering by providing a more unified security posture management (USPM) solution across cloud infrastructure, applications, data, and AI.
Key highlights:
Unified Security Posture Management: Falcon Cloud Security now integrates data security posture management (DSPM), application security posture management (ASPM), and AI security posture management (AI-SPM) to deliver a more comprehensive protection across all layers of the cloud environment. Enhanced Visibility and Control: Real-time asset inventory, asset history, and direct cloud log access can provide security teams with a deeper understanding and control over their cloud infrastructure. Smarter Threat Detection and Response: Attack path analysis and improved threat-hunting capabilities come with this addition, along with streamlined detection and response processes. This should enable teams to more rapidly identify and neutralize threats. AI-Driven Protection: Falcon Cloud Security is moving further into AI adoption as it now leverages AI to protect AI models and detect potential threats in real time. It’s aimed to better ensure the security and compliance of AI systems.
CrowdStrike is strategically expanding its reach within the cybersecurity space landscape by forming partnerships with a diverse array of platforms. From identity and access management (IAM) solutions like 1Password to network detection and response (NDR) platforms like ExtraHop, and additional platforms such as Zscaler, Nagomi, Plurilock, and Obsidian, CrowdStrike is demonstrating its commitment to providing a comprehensive security solution.
CrowdStrike's partnerships seem aimed at creating synergistic ecosystems where different security technologies work in harmony, enhancing overall protection. Moreover, CrowdStrike's involvement in initiatives such as the Cybersecurity Startup Accelerator program highlights its ongoing drive towards innovation that we’ve been witnessing lately.
By integrating with various platforms, CrowdStrike is providing a more unified and streamlined security posture. This can lead to reduced playbook complexity, improved visibility, and enhanced protection against emerging threats.
The success of these integrations will hinge on their ability to deliver value to customers, address emerging threats effectively, and maintain compatibility with future security technologies.
|
| | Under the Lens: Recent Developments in the Industry Apple's release of macOS 15 (Sequoia) in September introduced a significant compatibility issue with several cybersecurity products. Tools from vendors like CrowdStrike and Microsoft were adversely affected, rendering them inoperable or significantly hindered. This issue was attributed to a bug within the macOS 15 framework, causing disruptions in network functionality and interfering with the seamless integration of third-party security solutions.
Recognizing the critical nature of this problem, Apple swiftly responded with the release of macOS 15.0.1. This update specifically addressed the compatibility issues, restoring the functionality of affected cybersecurity tools. The underlying bug that caused the initial problems was successfully resolved, ensuring that users could once again rely on their chosen security solutions without interruption.
Beyond the resolution of compatibility issues, macOS 15.0.1 also addressed other network-related concerns, providing users with a more stable and reliable network experience.
This update provided a much-needed solution for users who had been impacted by the initial compatibility problems, allowing them to continue utilizing their preferred cybersecurity tools without hindrance.
In 2024, third-party integrations in OT security focus on several key areas, including Zero Trust Architecture to safeguard both IT and OT systems, cloud-native security tools for remote monitoring, and API security to protect communication between legacy OT protocols and modern platforms. By focusing on these key areas, you can enhance your IT-OT integration capabilities and strengthen your security posture.
AI-driven threat detection is being increasingly integrated to detect anomalies in OT environments, while supply chain risk management tools monitor third-party vendor risks. Additionally, XDR platforms are being adapted to unify IT and OT security layers for enhanced threat correlation and response.
While the integration of these two domains offers numerous benefits, such as improved efficiency, enhanced security, data-driven decision-making, and centralized view, it also presents significant challenges.
One of the primary hurdles in IT-OT integration is the inherent differences between the two systems. IT systems are typically designed for data processing, analysis, and communication, often operating in a controlled environment while OT systems are optimized for real-time control and automation of physical processes, requiring immediate response times and robustness to harsh conditions.
Another challenge arises from the diverse protocols and data formats used by IT and OT systems. This can hinder communication and data exchange, leading to potential errors.
To overcome these challenges, you can:
Establish a unified security framework: A comprehensive security strategy that addresses the unique vulnerabilities of both IT and OT systems is crucial. Invest in advanced technologies: Technologies like the Industrial Internet of Things (IIoT) and edge computing can facilitate seamless data exchange and real-time analytics. Prioritize data quality and standardization: Ensuring data consistency and accuracy is crucial for meaningful analysis and decision-making. Implementing data governance practices and standardizing data formats can help achieve these goals.
If this is of interest to you, Metron's expertise in developing integrations with various IT Ops platforms, such as Jira, ServiceNow, Splunk OT, Tanium - Threat Response, and others, can help you achieve these goals.
Example of IT Ops + OT integrations by Metron: ServiceNow CMDB + IoT platforms.
Cloudflare One's acquisition of Kivera is a great move to extend its SASE portfolio adding capabilities for preventative security controls. Here's a breakdown: Enhanced Cloud Security: Cloudflare One will integrate Kivera's technology, offering proactive controls to prevent misconfigurations and human errors in cloud deployments. This can potentially reduce security risks and data breaches. For Example: A hospital using multiple cloud platforms to store patient data could accidentally leave a database publicly accessible. Kivera's integration with Cloudflare One would detect and prevent this, protecting sensitive patient information. Simplified Security Management: Cloudflare aims for a unified platform with Kivera, simplifying security management across various cloud providers. This aims to save time and resources. For Example: A bank using multiple cloud providers for different services might need help managing security policies across each platform. Cloudflare One with Kivera could provide a centralized dashboard to oversee security configurations.
We would like to give a special shout-out to Neil, Vernon, Joe, and the Kivera team. 🎉
Palo Alto Networks has also been on a similar path as CrowdStrike when it comes to enhancing its security offerings as of late. The company’s partnerships and integrations with industry-leading companies like Veeam, Red Canary, Team Cymru Scout, Cognizant, and now Deloitte, are all clearly aimed to provide comprehensive and effective security solutions.
These collaborations offer several advantages for users of the Palo Alto Networks platform. First, they provide access to a wider range of security tools and technologies, enabling organizations to better protect their networks and data. Second, they streamline security operations by integrating various security functions into a cohesive platform. And lastly, they enhance threat detection and response capabilities, allowing organizations to identify and mitigate threats more quickly and effectively.
These partnerships are driving the adoption of PANW Cortex XSIAM and XSOAR platforms by partners like Cognizant and Veeam. This suggests that PAN is actively expanding its market reach and customer base with these platforms. While the integration process may not differ much, this highlights the growing significance of XSIAM and XSOAR solutions and their potential to increase market share.
Metron has expertise in SOAR platforms and we have built and delivered integrations for multiple customers. For example: Analyst1 + BAS, IBM SOAR + TIP, and Palo Alto Networks - Cortex XSOAR + IoT.
|
| | Application and Version Updates The latest version of Google SecOps was released on 6th October 2024, and the update included:
Some of the earlier updates are as follows:
JupiterOne had its latest version released in September 2024. This update brings several improvements to JupiterOne, including new features, enhanced functionality, and bug fixes. Here's a quick rundown of the key highlights: EPSS: Exploit Prediction Scoring System (EPSS) is a new feature of JupiterOne. It is a data-driven model that uses machine learning to predict the probability of a software vulnerability being exploited in the wild within a specific timeframe. It leverages historical exploit data, vulnerability characteristics, and metadata, to calculate a score between 0 and 1. A higher score indicates a greater likelihood of exploitation. This aims to help you prioritize your remediation efforts by focusing on vulnerabilities with the highest EPSS scores. Smart Classes: Allows operators to organize and categorize your assets with additional business and technical context. This should help improve IT management and security practices. Graph Upgrade: Completed in July, this upgrade improves query response speed and data availability. Enhanced Query API: Variable result size queries are now the default, improving performance and eliminating pagination issues. Additionally, error handling has been improved with proper HTTP status codes. Python SDK Ownership Transfer: JupiterOne now actively maintains the Python SDK, offering significant improvements. Terraform Provider Enhancements: Configure Insights dashboards and widgets, and be warned about potential overwriting of non-Terraform changes. J1QL Query Editor: Block quoting lines in your queries is now easier with keyboard shortcuts. Alerts & Rule Improvements: Download rule evaluation results as JSON and process larger, longer-running queries. Insights Dashboards: Create rules directly from widgets to turn insights into actionable alerts. Integration Updates: Improved documentation for several integrations and added support for ManageEngine Endpoint Central via the JupiterOne Collector. Additionally, more AWS services are now integrated. New Rule Packs: Leverage pre-configured Mitre ATT&CK rule packs for privilege escalation, execution, and initial access scenarios. For detailed information and documentation on these updates, refer to the JupiterOne release notes.
|
| | Insights: From Our Integration Factory |
|  | EDR + Google SecOps: Combining an endpoint detection and response (EDR) platform’s capabilities with SecOps’ advanced threat analytics allows security teams to gain valuable insights and respond more effectively to cyber threats. This integration provides a comprehensive and efficient solution for threat detection, response, and investigation helping organizations protect their valuable assets and mitigate the risks associated with cyberattacks.
Some of the benefits of this integration are mentioned below:
Enhanced Threat Detection: The EDR identifies suspicious activities on endpoints, while Google SecOps’ analytics correlates this data with broader security trends, enabling earlier detection of potential attacks. Improved Incident Response: When a threat is identified, the integration allows for rapid data sharing between Google SecOps and the EDR platform. This enables security teams to quickly gather evidence, understand the scope of the attack, and take appropriate containment and remediation actions. Centralized Visibility: The integration provides a centralized view of security events across the organization, making it easier to identify patterns and trends that may indicate a larger threat. Efficient Investigation: Google SecOps' investigation tools allow security teams to delve deeper into suspicious activities, analyze artifacts, and uncover the root cause of incidents.
CAASM + SecureWorks Taegis XDR: This integration between CAASM and Taegis XDR provides a robust solution for organizations seeking to enhance their cybersecurity posture through advanced asset management and threat detection capabilities.
Key Technical Aspects:
Data Exchange: The integration involves the exchange of data between CAASM and Taegis, allowing CAASM to collect and analyze asset information from Taegis's threat detection platform. API Integration: The integration is typically achieved through APIs, enabling seamless communication and data transfer between the two systems. Asset Discovery and Inventory: CAASM leverages Taegis's data to discover and inventory assets, including endpoints, network devices, and cloud resources. Asset Classification and Prioritization: CAASM can classify assets based on their criticality and sensitivity, allowing organizations to prioritize their security efforts accordingly. Threat Correlation: By combining CAASM's asset data with Taegis's threat intelligence, organizations can correlate security events and identify potential threats more effectively. Security Orchestration and Automation: The integration can enable automated security workflows, such as incident response and remediation actions, based on the information gathered from CAASM and Taegis.
Benefits: Improved Asset Visibility: The integration provides a comprehensive view of an organization's assets, enabling better risk management and compliance. Enhanced Threat Detection: By combining asset data with threat intelligence, organizations can detect and respond to threats more effectively. Efficient Security Operations: Automation and orchestration capabilities streamline security workflows, reducing the burden on security teams.
This CAASM-XDR integration offers a powerful solution for organizations seeking to improve their cybersecurity posture through advanced asset management and threat detection capabilities.
BAS + ProofPoint TAP: This Proofpoint Targeted Attack Protection (TAP) and a Breach and Attack Simulation (BAS) platform integration offers a comprehensive solution for organizations to enhance their cybersecurity posture by combining advanced threat detection and prevention capabilities with realistic attack simulation.
By integrating Proofpoint TAP and a BAS platform, organizations can achieve the following benefits:
Comprehensive Threat Detection and Prevention: TAP's advanced threat detection capabilities, combined with BAS's ability to simulate realistic attacks, provide a robust solution for identifying and mitigating potential threats. Enhanced Security Posture: This integration allows organizations to continuously test and improve their security controls, ensuring that they are prepared to defend against the latest threats.
|
|
|
|
|
|
|
|
|
|
|
| | Before you go… The conference season is starting to cool down as we approach the last quarter of the year. We’ve currently got one more conference lined up - hope to catch you there if you’re also planning on attending! |
| |
|
|
|
| |
|
