ExtraHop, the provider of cloud-native network detection and response, announces a suite of new features designed to streamline the secure adoption and implementation of IoT in the enterprise. ExtraHop® Reveal(x)™ now provides advanced discovery, classification, and behavior profiling for enterprise IoT devices, providing visibility from the device to the service layer. These latest enhancements extend Reveal(x) capabilities to the enterprise IoT device edge, providing complete visibility, detection, and response across the attack surface without the need to implement narrow point solutions. Consistent growth in enterprise IoT usage IoT reduces operational friction, making businesses more efficient and employees more productive IoT reduces operational friction, making businesses more efficient and employees more productive. But this comes at a cost. IoT moves computing power to the edge, vastly expanding the enterprise attack surface, and without visibility into what devices are connecting to the network and what resources they are accessing, it leaves organizations vulnerable to threats. “Our research points to consistent growth in enterprise IoT usage which, along with other enterprise initiatives, has led to a growing attack surface,” said Fernando Montenegro, Principal Analyst, Information Security, 451 Research. “This leads to increased demands from enterprise security teams for visibility into network traffic, analysis for detection of threats, followed by remediation as needed.” Continuous behavioral monitoring With the latest release, ExtraHop Reveal(x) now provides the visibility, detection, and investigation capabilities security and IT organizations need to continuously secure and manage expanding IoT deployments. Continuous Device Discovery and Classification discovers, identifies, and profiles all IoT devices and services to deliver complete visibility without friction to IT and Security Operations teams. Device Behavior Profiling extracts rich L2-L7 data from network and cloud traffic, enabling deeper analysis across devices at the service level. When paired with cloud-scale machine learning from ExtraHop, this data is correlated with other network events to rapidly and accurately detect threat patterns for immediate response. This provides organizations with continuous behavioral monitoring and detection for IoT devices such as VoIP phones, printers, IP cameras, wearables, and smartboards. Guided Investigation automatically gathers contextual information, related detections, and packet level details into a single workflow to streamline and accelerate response actions, enabling security analysts and threat hunters to quickly determine the impact and scope of an IoT event and easily drill into forensic level details. IoT Security Hygiene helps security and IT operations teams address issues such as IoT devices and services using unencrypted communications, and when discovered, can automate response actions with other systems like creating a ticket or isolating devices on the network. Network detection and response solution “We believe that enterprise IoT is a strong fit for ExtraHop's network detection and response solution. Not only do we discover the presence of IoT devices, identifying make and model, but we also automatically segment into peer groups to detect suspicious behaviors and potential threats.” said Jesse Rothstein, CTO and co-founder at ExtraHop. “Reveal(x) enables organizations to truly understand the level of risk a device poses and provides situational awareness of the environment.” Enterprise IoT Security features are now globally available with ExtraHop Reveal(x) platform.
The average cost of a malware and web-based attack on a business is US$ 1.4 million (Accenture study), yet even with destructive malware attacks up 200% in 2019, thousands of business websites remain vulnerable to attacks. Sectigo, globally renowned commercial Certificate Authority (CA), is taking a giant step to help businesses protect themselves from new and emerging web-based threats with the introduction of Sectigo Web Security Platform. Sectigo Web Security Platform With this release, Sectigo is the first CA to introduce an all-in-one; cloud-based solution bundled with TLS/SSL certificates so that customers can easily identify threats and quickly patch vulnerabilities for their CMS from an all-new comprehensive management portal. Through the platform, customers can automate daily scanning for vulnerabilities, receive proactive notifications, and instantly remove the malware found within the code, database, or files on the web server. In addition, the platform automates daily website backups so that customers can restore their sites when needed with a single click. Coming in future releases are advanced features to accelerate website performance with a global Content Delivery Network (CDN) and Domain Name System (DNS), and to increase protection with a Web Application Firewall (WAF). Cloud security Research points to security as the number one area of concern for companies working to optimize their cloud presence" "Our research consistently points to security as the number one area of concern for companies working to optimize their cloud presence," said Fernando Montenegro, Principal Analyst at 451 Research. He adds, "Expanding security coverage, leveraging automation, and consolidating web security functionality into fewer vendors are strategies that many organizations, particularly those with significant resource constraints, may benefit from exploring. Sectigo's move into offering additional services beyond traditional certificate services fits well into this narrative." Enhanced capabilities for SSL customers The new Sectigo Web Security Platform brings new capabilities to SSL customers, reflecting the increasing requirement for companies to move beyond basic encryption to ensure complete website security. Sectigo has enabled customers to easily select the functionality they need from product bundles available through Sectigo retail sites, hosting partners, and other resellers. The new product bundles include: Sectigo Web Monitor – Available with all SectigoSSL, PositiveSSL, and InstantSSL certificates, includes: Sectigo Web Detect – Automatically scans up to five website pages once daily for critical security issues such as malicious infections, spam listings, vulnerabilities, blacklisting, and more. Malware Detection – Stops search engines from blacklisting a website by proactively sending alerts about security issues before crawlers detect them. Vulnerability Detection – Monitors a website daily for security vulnerabilities found n the following Content Management Systems (CMS): WordPress, Joomla!, Drupal, WooCommerce, PrestaShop, and Magento. SPAM and Blacklist Monitoring – Scans a website’s IP address and domain name daily against multiple spam databases and delivers alerts about potential email blacklisting. Sectigo Web Remediate – Available with the all-new SectigoSSL Pro certificates, includes: Enhanced Sectigo Web Detect – Increases scanning for up to 500 website pages and databases. Sectigo Web Clean – Safeguards a website against cybercriminals and other online security threats, automatically removing active infections from website files and any MySQL database without disrupting site functionality. Sectigo Web Patch – Scans daily to automatically detect critical weaknesses found in the company’s content management system (CMS) or database and proactively patches these vulnerabilities before cybercriminals can exploit them. Security patches are automatically deployed when new CMS versions are released for 7 of the most popular WordPress plugins, enabling website owners to complete full-version updates within their designated timelines. Plugins include: tact Form 7, Yoast SEO, Jetpack, All-in-one SEO Pack, TinyMCE, Google XML Sitemaps, WordPress Importer, and Easy WP SMTP. Sectigo Web Patch also protects a company’s most valuable online assets from cybercriminals by automatically patching security vulnerabilities found in leading ecommerce platforms, including WooCommerce, Magento, and PrestaShop. Sectigo Web Backup and Restore – Reverses damage caused to a website through a one-click restore option. Utilizing sophisticated version control software, Web Backup and Restore provides incremental agent-less backups and empowers users to oversee their network of websites—with any mix of CMSs—all in one place. "Website owners and organizations of all sizes must look beyond an SSL certificate to protect against new and emerging threats. With this launch, our certificates provide more value to customers and give the world a new way to think about Certificate Authorities and the security offerings provided to our channel partners and collective customers," said Michael Fowler, President of Channel Partners, Sectigo. Easy-to-use single API “Sectigo’s new Web Security Platform also offers opportunities for our partners around the world to differentiate themselves from competitors, while increasing revenue and maintaining customer retention by offering multiple solutions via an easy-to-use, single API,” added Mr. Fowler.