{"id":5065,"date":"2022-02-13T13:04:00","date_gmt":"2022-02-13T18:04:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5065"},"modified":"2022-03-05T13:06:01","modified_gmt":"2022-03-05T18:06:01","slug":"soc-news-2022-02-13","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2022\/02\/13\/soc-news-2022-02-13\/","title":{"rendered":"SOC News – 2022-02-13"},"content":{"rendered":"\n

 Wire implements new Messaging Layer Security protocol<\/strong>
IT Security Wire<\/em>
Wire, the world\u2019s most secure collaboration platform, is starting to implement the Messaging Layer Security (MLS) protocol into its platform architecture.
This will be the world\u2019s first implementation of the MLS protocol in a federated environment and it marks the start of MLS as an open standard solution for communication.

Co-initiated by Wire as part of the Internet Engineering Task Force (IETF) Working Group which includes members from Cisco, Mozilla, Google, Facebook, Twitter, the University of Oxford and INRIA, MLS is a new protocol designed to bolster the security of enterprise messaging platforms by using end-to-end encryption within group communication.

MLS allows users to communicate across devices, within the cloud, while offering maximum fluidity, as it exists within a federated environment, with no central cloud needed for its implementation.
This opens up the possibility of using multiple devices in a secure environment, relying fully on an open standard, something that many business or government employees have been doing for some time in insecure environments.
Link:<\/strong> https:\/\/itsecuritywire.com\/news\/wire-implements-new-messaging-layer-security-protocol\/<\/a><\/p>\n\n\n\n

 Start-up emerges with an \u2018enterprise browser’<\/strong>
Lucas Mearian<\/em>
Computer World<\/em>
The Island browser is based on Chrome and can limit site access and stop employees from uploading and downloading data, copying and pasting information, and even taking screenshots.
Admins can fully control last-mile actions, from advanced security demands to more basic data exfiltration protections such as copy, paste, download, upload, screenshots, and other activities that might expose critical data.
The browser works with both Windows and macOS; mobile versions (for iOS and Android) as well as for Linux are forthcoming, the company said.
Link:<\/strong> https:\/\/www.computerworld.com\/article\/3648597\/start-up-emerges-with-an-enterprise-browser.html<\/a><\/p>\n\n\n\n

 Binalyze secures $10.4 million in seed funding for enterprise forensics platform<\/strong>
Data Center Solutions<\/em>
Binalyze, the Enterprise Forensics platform which enables enterprises to respond faster and more effectively to cyber threats, has raised $10.4 million (\u20ac9.1m) in its Seed funding round.
The investment will enable further innovation to define the standard for next-generation Enterprise Forensic solutions.
It will support the extension of Binalyze\u2019s cloud-native capabilities to enhance coverage in cloud and container environments and enable it to continue to be the fastest and most complete Enterprise Forensics Platform on the market.

The investment will also accelerate Binalyze\u2019s expansion in the US, Europe, and other key global markets enabling enterprises, MSP, and Incident Response partners to mount a forensic response to cybersecurity attacks in near-real-time.
This minimizes damage and cost to the business.

The investment, which brings total funding to date to $11.7 million, was led by European venture capital firm OpenOcean, with participation from Earlybird Digital East which led Binalyze\u2019s pre-seed round last year.
Link:<\/strong> https:\/\/datacentre.solutions\/news\/63099\/binalyze-secures-104-million-in-seed-funding-for-enterprise-forensics-platform<\/a><\/p>\n\n\n\n

 CyberCX aquisition of Cyber Research NZ a game-changer<\/strong>
Disp<\/em>
CyberCX has today announced its successful acquisition of New Zealand cyber security company Cyber Research NZ Ltd, bringing further capability, talent and depth of experience to its service offerings in New Zealand and across the ANZ region.
Link:<\/strong> https:\/\/dispatchist.com\/news\/cybercx-aquisition-of-cyber-research-nz-a-game-changer\/<\/a><\/p>\n\n\n\n

 Vicarius Announces $24 Million Series A Funding to Rebuild the Vulnerability Remediation Market for Today\u2019s Remote, Cloud-Based World<\/strong>
Business Wire<\/em>
NEW YORK–(BUSINESS WIRE)–Vicarius, developers of the industry\u2019s first fully autonomous end-to-end vulnerability remediation platform, today announced a $24M Series A round to breathe new life into the vulnerability remediation market.
AllegisCyber Capital, JVP, and AlleyCorp led the round with executives from Okta, SecurityScorecard, and Exabeam providing capital as well.

Founded by three security experts, Michael Assraf, Yossi Ze\u2019evi and Roi Cohen, Vicarius equips IT and security teams with a fully automated and consolidated platform, TOPIA, to assess, prioritize, and remediate vulnerabilities in applications, assets, and operating systems.
Traditional network and scanning-based tools focus exclusively on vulnerability discovery or patch management and can\u2019t adapt to changing WFH infrastructure.
Vicarius provides a cloud-first, integrated solution that closes the loop from discovery to remediation for today\u2019s shift to remote work and cloud-based applications.

Because Vicarius provides threat insight as well as extensive patching capabilities and prioritization, IT and security teams have a deeper understanding of what is vulnerable, how much risk is present, and where patches have been applied.
As a result, CISOs and IT administrators achieve safer networks and lower likelihood of exploitation through cooperation.
Link:<\/strong> https:\/\/www.businesswire.com\/news\/home\/20220209005459\/en\/Vicarius-Announces-24-Million-Series-A-Funding-to-Rebuild-the-Vulnerability-Remediation-Market-for-Today%E2%80%99s-Remote-Cloud-Based-World<\/a><\/p>\n\n\n\n

 Cyware Enhances Automated Threat Intelligence Sharing for Auto-ISAC to Promote a Collective Defense<\/strong>
AI Thority<\/em>
Cyware, the industry\u2019s only Virtual Cyber Fusion Platform provider, announced that it has partnered with the Automotive Information Sharing and Analysis Center (Auto-ISAC) to give its members the ability to automatically aggregate, share, and collaborate on actionable threat intelligence.
Over 20+ ISACs \/ ISAOs leverage Cyware solutions as the de facto standard for automated threat intelligence sharing, collaboration, and distribution.

Auto-ISAC joins a cross-sector, connected network of over 20 other Information Sharing Analysis Centers (ISACs) and Community Emergency Response Teams (CERTs) using Cyware\u2019s Situational Awareness Platform (CSAP) and Threat Intelligence Exchange (CTIX) to boost their overall threat intelligence sharing process, accelerate incident response time, and reduce cybersecurity risk.
Link:<\/strong> https:\/\/aithority.com\/security\/cyware-enhances-automated-threat-intelligence-sharing-for-auto-isac\/<\/a><\/p>\n\n\n\n

 SecOps and XDR: Why trusted digital operations centers are essential<\/strong>
Mark Fernandes<\/em>
Tech Beacon<\/em>
Security operations are evolving from a purely technical capability to a key contributor to business resiliency, with cybersecurity becoming an imperative for organizations that have become keenly aware of the need to enable their digital future.

The latest generation of SOCs further extends XDR to turn SOCs into trusted digital operations centers (TDOCs), which bring advanced threat hunting capabilities to infrastructure, network signals, and the cloud.
Some of the capabilities of the new TDOC are:
Securing the digital value chain, reducing friction to the business, and enabling adoption of innovation to drive new markets and customer value
Crossing over electronic capability to enable enterprise resiliency, such as the ability to combine fraud with cybercrime to provide a holistic view of digital risk
Tying measurement to performance of business goals to evolve the SOC from a tech-oriented to a business-oriented capability
Providing an anti-fragility platform where any systemic threats to the business help strengthen its cyber defense through machine-aided root-cause analysis, learning, and transformational metrics
Ensuring self-healing and zero interruption to the business to limit disruption in delivery of value to the customer or stakeholder
Moving beyond the reactionary methods of traditional SOCs and XDR centers to build greater sensing and interpretation methods
Automating repeatable and expert tasks that are best done by machines so teams can focus on tasks best performed by wetware, such as creative threat hunting
Collaborating with trust circles, peers, and other parties to be proactive about threats through tightly coupled and cross-functional intelligence sharing
A traditional SOC can’t be transformed into a TDOC overnight.
During the first phase of the plan’s implementation, the business should establish the basis for the TDOC to accelerate digital transformation by clearly defining governance, capabilities, alignment with the business, and agile structure needed to do so.
Link:<\/strong> https:\/\/techbeacon.com\/security\/secops-xdr-why-trusted-digital-operations-centers-are-essential<\/a><\/p>\n\n\n\n

 Integrating IT Security with DevSecOps: Best Practices<\/strong>
Aminu Abdullahi<\/em>
Enterprise Networking Planet<\/em>
What Is DevSecOps?
==================
Why care about DevSecOps.
What does it look like in practice?
Challenges to Address Before Implementing DevSecOps
===================================================
Lack of integration between DevOps and IT security tools
Software development lifecycle\/pipeline practices
Issue detection\/response mechanism
Defining ownership
Security mindset
Why is IT Security Integral to the DevSecOps Cycle?
===================================================
IT Security and DevSecOps Integration Best Practices
====================================================
Automate tools and processes
Encourage culture change across organizations
Test early and often
Communicate proactively
Adopt static application security testing (SAST)
Adopt dynamic application security testing (DAST)
Adopt interactive application security testing (IAST)
Adopt application security testing as a service (ASTaaS)
========================================================
Future of DevSecOps in Enterprises
Link:<\/strong> https:\/\/www.enterprisenetworkingplanet.com\/guides\/integrating-it-security-with-devsecops-best-practices\/<\/a><\/p>\n\n\n\n

 8 Penetration Testing Trends You Should Know in 2022<\/strong>
Niranjan Limbachiya<\/em>
D Zone<\/em>
The Three Kinds of Penetration Testing:<\/p>\n\n\n\n