Jon Oltsik

FireEye, Inc., the intelligence-led security company, has announced the expansion of its Mandiant Advantage SaaS platform, now equipped with a powerful, multi-vendor XDR capability and also introduced its newest module – Mandiant Automated Defense. Mandiant Automated Defense Mandiant Automated Defense is the latest module available in the Mandiant Advantage platform, joining the Mandiant Threat Intelligence and Mandiant Security Validation modules. Organizations struggle to consistently, quickly, and accurately assess and investigate the multitude of alerts received by their security operations centers (SOC) daily. In February 2021 alone, Mandiant Automated Defense reduced more than 52 billion customer alerts, down to less than 700 prioritized investigations. Intelligent SaaS interface Mandiant Automated Defense increases its ability to scale its unique expertise and intelligence as software Formerly Respond Software’s virtual analyst product, Mandiant Automated Defense dramatically increases Mandiant's ability to scale its unique expertise and intelligence as software, delivered through an easy-to-deploy SaaS interface. “Skill shortages, an overwhelming number of alerts, and even misconfigured tools all contribute to the challenges faced by the modern SOC,” said Christopher (Chris) Key, Executive Vice President of Products, Mandiant Solutions, adding “Our customers have been asking us for technology that embeds Mandiant expertise and intelligence into their environments at scale – Mandiant Automated Defense is another of our products that does just that.” Enhanced cyber security Mandiant Automated Defense addresses the people, process, and technology challenges faced by cyber security defenders in the SOC. Automated Defense allows security analysts to triage alerts from the security stack at machine speed, scale, and consistency using data science and machine learning. This automated triage process is designed to enable security personnel to prioritize and focus on the most relevant threats, reducing time wasted on false positives. Intelligence-driven approach to security operations “Enterprises are truly changing the way they manage security operations,” said Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group, adding “Through Respond Software, Mandiant has added an innovator in security operations that can help enable security teams better serve customers, increase productivity, and achieve better cyber security business outcomes. Mandiant Automated Defense can help customers truly work without boundaries – outside of their current tools and processes.” Mandiant Advantage is an intelligence-driven approach to security operations. Without a significant increase in human expertise, it is impossible for organizations to win the global war on cybercrime. Accessible and automated security solutions Mandiant Advantage productizes attacker expertise and threat intelligence capabilities into accessible, automated solutions that instantly provide the scale and capability that security teams so desperately need. Supporting more than 60 security technologies, cloud platforms and network management tools, the Mandiant Advantage SaaS platform works with best-of-breed, multi-vendor controls to deliver state-of-the-art XDR capabilities. The Mandiant Advantage platform now includes three modules: Mandiant Threat Intelligence Mandiant Security Validation (formerly Verodin) Mandiant Automated Defense (formerly Respond Software)

ReliaQuest, a pioneer in cybersecurity, announces its unique ‘Open XDR’ approach that solves modern enterprise cybersecurity challenges through its GreyMatter platform. Unlike other XDR tools that limit organizations to a single vendor tech stack, ReliaQuest’s vision centers on bringing flexibility and visibility to disparate data sets and technologies. This approach enables enterprises to gain security confidence through the centralized detection and remediation of threats across their siloed IT architecture. Disparate datasets and workflows "XDR is a new take on an old problem that aims to unify control points, security telemetry, analytics, and operations into one enterprise offering but requires the same vendor for all tools. ReliaQuest identified an opportunity to improve upon this model with Open XDR. GreyMatter unifies technologies from multiple vendors through an integrated platform that helps security teams achieve the necessary visibility from their existing tools and processes--thereby accelerating detection and response," said Brian Murphy, CEO and founder of ReliaQuest. Security analysts’ jobs are extremely complex as analysts are mired with too many alerts" “Security analysts’ jobs are extremely complex as analysts are mired with too many alerts, disparate datasets and workflows, and an ever changing attack landscape,” said Jon Oltsik, Principal Analyst and Fellow at Enterprise Strategy Group. Independent security tools “Open XDR can help by unifying toolsets, alerts, and providing the context analysts need in order to speed detection and response. With the universal translator acting as an integration platform, GreyMatter is well suited to deliver on the promise of Open XDR—directly addressing security operations complexity.” GreyMatter provides an Open XDR solution that delivers the following outcomes: Integration of multiple independent security tools for unified detection, investigation, and response Cross-technology visibility in weeks, powered by a patented ‘universal translator’ solution Aggregation of relevant data on demand, without the need to build and maintain costly and cumbersome data lakes Continuous optimization of security technologies and processes A guided reporting framework to drive security program measurement and continuously increase maturity Automation across the security lifecycle, applying the development principles of continuous integration/ continuous deployment to the security realm 24/7/365 support from a team of security and program management practitioners, dedicated to helping teams achieve security program goals Security advisory expertise “For years vendors have promised to deliver a ‘single pane of glass’ but always fell short,” said John Childers, Director, Information Security, Aqua America. “ReliaQuest GreyMatter unifies security tools for visibility across layers, aggregated alerting, faster investigation and response, bolstered by proactive threat hunting and attack simulation to continually improve your posture, all wrapped with security advisory expertise for accelerating key initiatives.” ReliaQuest recently integrated with SentinelOne’s Singularity XDR platform To further bolster GreyMatter’s Open XDR offering, ReliaQuest recently integrated with SentinelOne’s Singularity XDR platform. This integration enables organizations to prevent, detect, respond, and hunt across existing cybersecurity technologies, regardless of vendor, which vastly increases visibility across the enterprise. As part of the solution, data is collected from SentinelOne and ingested into GreyMatter’s proprietary universal translator, where it is normalized with data from a customer’s other technologies – including SIEM, multi-cloud, and third-party tools. Prominent cyber threats “CISOs are seeking a simple way to manage everything across the network – from endpoints to cloud workloads and IoT devices,” said Brandon Andrews, VP Global MSSPs & Alliances at SentinelOne. “Without having full transparency into everything that’s happening, CISOs can’t effectively protect what matters most from the elaborate schemes of today’s cybercriminals. Our partnership with ReliaQuest helps organizations overcome today’s most prominent cyber threats through complete visibility and action – empowering organizations to protect tomorrow’s threats, today.” This news comes on the heels of a banner year for ReliaQuest. In August, the company raised over $300 million in growth financing in a round led by global investment firm KKR, with participation from Ten Eleven Ventures and ReliaQuest founder and CEO Brian Murphy. ReliaQuest GreyMatter provides deep integration with and across more than 40 top enterprise technologies to provide customers with visibility and automated response capabilities across their existing technology investments.

Palo Alto Networks, the global cybersecurity company, introduced Cortex™ XSOAR, an extended security orchestration, automation and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR is an evolution of the Demisto® platform, which was acquired by Palo Alto Networks in March 2019. Threat intel data Palo Alto Networks is redefining the security orchestration, automation and response category by making threat intelligence management a core component. By tightly integrating threat intelligence management with SOAR capabilities — such as unified case management, automation and real-time collaboration — customers are now able to fully operationalize threat feeds. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer" “Customers are facing an overwhelming volume of alerts, threat intel sources, and security tasks,” says Lee Klarich, chief product officer for Palo Alto Networks. “Both SOAR and threat intelligence management have developed over recent years as tools to help them, but existing product silos have led to even more manual work. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer. It makes no sense to have SOAR without native threat intel.” Threat management into security orchestration “The integration of threat management into security orchestration and automation is an inevitable evolution for improving security operations,” notes Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG). “Cortex XSOAR brings the right pieces together. Until now, operationalizing vital threat intelligence data has been difficult or even impossible as it requires time, experience, and resources that are beyond the capabilities of many organizations. A platform like Cortex XSOAR acts as a security operations and analytics platform architecture, or SOAPA, for analyzing and operationalizing cyber threat intelligence. The benefit? Bringing the value of threat intel to the masses.” Cortex XSOAR With Cortex XSOAR, customers are able to: Standardize and automate processes for any security use case: Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products. Adapt to any alert with security-focused case management: Accelerate incident response by unifying alerts, incidents and indicators from any source within a single case management framework. Boost SecOps efficiency with real-time collaboration: Facilitate investigations across teams via a virtual War Room with built-in ChatOps and command line interface to execute commands across the entire product stack in real time. Take action on threat intelligence with confidence and speed: Take full control of threat data by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer’s specific environment, as well as leveraging playbook automation to drive instant action. Extending existing platform capabilities SOAR applied to threat intelligence can help fully integrate it into your incident response program""Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies," says Michael Poddo, director, Cyber Threat Analysis & Response, Emerson. "However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program." Cortex XSOAR will replace Demisto by Palo Alto Networks, subsuming and extending existing platform capabilities. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected in March 2020, with an option to evaluate the new Threat Intel Management module at no additional cost.

Keysight, the test and measurement vendor, has announced that Ixia, its cybersecurity and visibility business, has announced BreakingPoint QuickTest, which enables organizations to quickly evaluate the performance and security of devices and networks to assess their cybersecurity readiness. Today’s IT departments struggle against increasing network security threats while suffering from a cybersecurity skills shortage. According to Jon Oltsik, principal analyst, Enterprise Strategy Group, “more than half of organizations report a problematic shortage of cybersecurity skills.” The lack of testing expertise creates opportunities for vulnerabilities in IT environments. Optimizing speed of cybersecurity testing This innovation enables organizations to optimize the speed of their cybersecurity testing without compromise"“Organizations are under pressure to make the right security investments to ensure their networks and applications are secure. This pressure, combined with the shortage of expert resources, forces organizations to compromise on the quality of their security testing,” said Sunil Kalidindi, vice president of product management at Ixia, a Keysight Business. “BreakingPoint QuickTest offers users all the power of BreakingPoint in pre-packaged test methodologies with expert analysis capabilities. This ground-breaking innovation enables organizations to optimize the speed of their cybersecurity testing without compromise.” Features of the Test suites BreakingPoint QuickTest offers concise and actionable test scores for rapid result analysis, and complete automation for continuous assessment. Test suites include: Performance: to measure system performance while handling various types of application traffic mixes that include encrypted traffic NetSecOPEN: to validate the device or system against NetSecOPEN standardized tests, industry guidelines and best practices for testing modern network security infrastructure including firewall, next generation firewall (NGFW), intrusion protection system (IPS), and threat detection solutions and services Encryption Performance: to measure the system performance of TLS inspection devices or networks, while handling traffic encrypted using various types of ciphers and key sizes Security: to validate the effectiveness of a security device or system in mitigating attacks and breach attempts while maintaining traffic continuity Powered by threat intelligence BreakingPoint QuickTest is powered by threat intelligence provided by Ixia’s Application Threat Intelligence (ATI) Research Center, a globally distributed team of dedicated cybersecurity professionals that monitor and analyze the ever-evolving indicators that could threaten the security of IT networks worldwide. Ixia’s ATI Research Center has been performing advanced security research for over a decade, providing intelligence updates to customers around the globe.

Pulse Secure, global provider of software-defined Secure Access solutions has announced the integration of SDP (Software Defined Perimeter) architecture within its Secure Access platform and the inclusion of Pulse SDP as an add-on within its award-winning Access Suite. By offering a flexible path to SDP, the company extends its foundation of Zero Trust access for hybrid IT and provides enterprises and service providers with unrivalled provisioning simplicity, security posture fortification and lower total cost of ownership. According to a recent Enterprise Strategy Group survey: 66% of organizations expect that within two years, more than 30% of their cloud-resident data will be sensitive 53% of mobile knowledge workers wait at least a week before applying a security patch or update to the devices they use for work 45% of organizations that have repatriated a public cloud-based application(s)/workload(s) have deployed them on converged infrastructure Zero Trust Strategy  Pulse Secure Access Suite provides remote, mobile, cloud, network and application security Ubiquitous access to applications and dynamic resource provisioning are the new normal, yielding an increase in advanced threats and massive data breaches. As enterprises embrace digital transformation and migrate their applications and infrastructure to multi-cloud, access requirements have become more stringent and complex to prevent attacks and data leakage. To reduce risk, organizations are applying a Zero Trust Strategy of “verification before trust” by incorporating stronger user and device authentication, granular access control, and enhanced segmentation no matter where the application and resources reside. “Business leaders face a digital imperative to boost user productivity, while also mitigating the risk of data breaches that are growing in size and frequency,” said Sudhakar Ramakrishna, CEO of Pulse Secure. “From our inception, Pulse Secure has focused on providing a pragmatic approach to Zero Trust Secure Access that balances user experience with compliance. By incorporating SDP architecture within our Access Suite, we can deliver the deployment flexibility, scale and investment protection sought by enterprises and service providers.” Pulse Secure Access Suite Pulse Secure Access Suite provides remote, mobile, cloud, network and application security with comprehensive VPN, Mobile Device Management (MDM), Single Sign-on (SS0), endpoint and IOT device visibility, Network Access Control (NAC) and virtual Application Delivery Controller (ADC) capabilities. Pulse SDP complements this integrated solution set by offering direct device to application/resource secure connectivity only after successful user, device and security state verification including geo location and behavior-based anomaly detection. As a result, organizations gain seamless accessibility while streamlining access provisioning, improving performance and reducing the visible attack surface. More so, organizations gain greater economies and a non-disruptive way to readily implement SDP functionality when, where and how they require. Pulse Secure can provide strong value that can be compelling for customers and service providers" “Despite industry suggestions about VPN replacement, SDP is not a panacea for all applications and hybrid IT infrastructure as enterprises migrate to the cloud. While deployments can offer comparatively simple, secure connectivity, SDP projects tend to be based on specific use cases and projects. VPN and SDP will likely co-exist for a while, so organizations need to keep an eye on joint usability, management and costs,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “By offering an integrated secure access suite that supports VPN and SDP architectures for data center and cloud, Pulse Secure can provide strong value that can be compelling for customers and service providers.” Pulse SDP Integration To Access Suite Pulse SDP augments the Access Suite and offers an array of features and business benefits including: Dual-mode VPN and SDP architecture; provides enterprises single pane of glass secure access management and operational visibility across public cloud, private cloud and data center. Extensive multi-factor authentication and authorization options; ensures users, their devices and the applications they access are continuously verified before and during the transaction. Uniform policy management; enables consistently provisioned secure connections that increase usability and security while reducing configuration errors, policy drift and gateway sprawl. Granular, stateful access enforcement; aligns business and compliance requirements with on-demand, application-level access that supports anywhere access and preferred device. Enhanced user experience; offering users easy and seamless access options including web portal, application-activated, SSO and captive portal. Access responsiveness; separate data and control planes to ensure scalability with proprietary Optimal Gateway Selector technology to expedite application delivery. Deployment flexibility; freedom to move or extend implementation on premise, through private and public cloud, and with their hosting provider or managed service provider of choice. Reduced total cost of ownership; unified Secure Access platform that works with a customer’s existing investment and access ecosystem to consolidate disparate remote and cloud access controls and avoid expensive administrative, licensing and management overhead. Pulse Secure Software And Cloud Solutions With a simple software upgrade, customers can activate Pulse SDP using the latest Pulse Secure infrastructure Pulse SDP will be offered solely as a licensed component within Advanced and Enterprise Editions of the Pulse Access Suites in April 2019. Pulse SDP is comprised of an SDP Controller, SDP Client and SDP Gateway which are enabled within the Pulse Secure software, hardware and cloud solutions. This approach allows SDP and perimeter-based VPN functionality to work in parallel and provides Zero Trust access security and essential operational flexibility for enterprises and service providers. With a simple software upgrade, customers can activate Pulse SDP using the latest Pulse Secure infrastructure. The Pulse Secure Access Suite, Advanced Edition with SDP option has an annual subscription MSRP of $66.00 USD per user for 1000 users. Other license and delivery options are available. Between now and June 30, 2019, customers can upgrade or renew their existing Pulse Access Suite subscription to activate SDP functionality at no additional charge.

Check Point announces the general availability of CloudGuard SaaS, an industry-first cloud suite designed to prevent sophisticated security threats that target SaaS applications. One of the latest additions to Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects enterprises that use SaaS applications and cloud-based email (including Office 365, GSuite and OneDrive), and prevents targeted attacks intended to steal sensitive data. Addressing advanced SaaS threats, CloudGuard SaaS provides 360-degree protection against malware and zero-days, phishing attacks, as well as employee account takeovers. Additionally, it can discover unsanctioned use of SaaS applications and prevent data leakage, while providing instant threat visibility. Data Leakage Protection CIOs should work with security and risk managers to create and follow a comprehensive and continuous approach for the controlled use of SaaS" “In today’s fifth-generation cyber-attack landscape, it’s crucial to implement technology equipped to take on more threats on business cloud applications,” said Itai Greenberg, VP of Product Management at Check Point Software Technologies. “Businesses generally turn to solutions in the Cloud Access Security Broker domain, which offer visibility and data leakage protection. CloudGuard SaaS goes beyond CASB capabilities. It’s designed to prevent the most common attacks on SaaS applications, providing peace of mind to enterprises.” According to Gartner Jay Heiser, Research VP, Analyst at Gartner: “CIOs should work with security and risk managers to create and follow a comprehensive and continuous approach for the controlled use of SaaS, or they will fail to meet business goals, resulting in unnecessary losses or incidents.” Breach Prevention Solution CloudGuard SaaS is an essential solution that equips businesses with the necessary preventive security for a multitude of enterprise SaaS applications within minutes. “Businesses today face potential cyberattacks occurring from multiple vectors, including SaaS-based applications. Products like Check Point CloudGuard SaaS can help enterprises looking to protect themselves from attacks of different levels – from phishing to zero-day compromises,” said Jon Oltsik, senior principal analyst at the analyst firm ESG. Superior threat prevention against malware and zero-days: CloudGuard SaaS is the most effective breach prevention solution for malware and zero-day attacks on SaaS applications, leveraging Check Point’s SandBlast technology. SandBlast scored a 100% block rate and highest evasion testing with NSS Labs, a globally recognized trusted source for independent, fact-based cybersecurity testing. Sophisticated Phishing Attacks CloudGuard SaaS blocks SaaS account takeovers by preventing unauthorized users from logging in, even if the device is already compromised By leveraging these capabilities, CloudGuard SaaS protects email attachments and file downloads on file hosting services and collaboration tools. CloudGuard SaaS blocks zero-day threats before they reach users and delivers safe content in seconds, using advanced threat emulation and extraction technology. Innovative technology stops account takeovers: CloudGuard SaaS blocks SaaS account takeovers by preventing unauthorized users from logging in, even if the device is already compromised. Using its new ID-Guard technology, CloudGuard SaaS identifies fraudulent access by finding bad logins and centralizing multi-factor authentication. In addition, CloudGuard SaaS can authenticate users in any SaaS application on any device—mobile or PC. Total phishing protection: CloudGuard SaaS prevents more phishing attacks than standard email services by leveraging artificial intelligence engines. It can stop sophisticated phishing attacks, spear-phishing, and email spoofing that may bypass other solutions. Malicious email content can also be blocked with high-precision certainty.