Security automation and orchestration platform Tines has added a new case management capability, dubbed Cases, to allow security teams to collaborate on security incidents.
This collaboration feature is aimed at enabling the teams to efficiently handle anomalies, automation, and remediations.
“With Cases, Tines users — which range from startups to Fortune 10 — can deploy a new capability that addresses the critical flaws in existing case management solutions, from a lack of customizations and integrations to complex interfaces that lead to mistakes and delays,” said Eoin Hinchy, founder of Tines.
Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, a widely adopted open-source standard for cloud threat detection governed by the Cloud Native Computing Foundation, in both agent and agentless deployment models, Sysdig said.
As cloud adoption grows and organizations build out cloud environments, they face sprawling applications, services, and identities. Detecting and quickly responding to threats across these environments can be a significant challenge for businesses and their security teams, with vast amounts of cloud assets potentially vulnerable and going unchecked for significant periods of time.
The Russia-linked cybercrime gang thought to be behind a hack that has impacted companies around the world has posted a message to its corporate victims.
In short, firms affected by the MOVEit hack are being told to contact the Cl0p ransomware group before June 14, or face the consequences.
Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small number of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers, when directing incident response, often: introduce legalistic contractual and communication steps that slow down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced.
So, we’re not able to learn from these breaches because the attorneys are limiting what information becomes public. This is where we think about shielding companies from liability in exchange for making breach data public. It’s the sort of thing we do for airplane disasters.