
Introducing Real-Time CWPP for Amazon ECS Fargate

Containers are popular because they are easy to build, test, and operate across a wide variety of infrastructure. Increasingly, serverless infrastructure services like AWS Fargate are preferred for containerized workload operations, because they allow organizations to focus their resources on innovation, while outsourcing the infrastructure management to their cloud service provider.

In this blog post, learn about SentinelOne’s Singularity Cloud Workload Security (CWS) for Serverless Containers, a real-time cloud workload protection platform (CWPP) for containerized workloads, running on AWS Fargate for Amazon ECS and Amazon EKS. Powered by AI, CWS detects runtime threats like ransomware, zero-days, and fileless exploits in real-time, and streamlines machine-speed response actions.

The Challenge | Maintaining Cloud Workload Availability

Organizations of all sizes increasingly deploy containerized cloud workloads to serverless infrastructure services such as AWS Fargate. Whether running on Amazon ECS (Elastic Container Service) or Amazon EKS (Elastic Kubernetes Service), these ephemeral workloads, although short-lived, still represent a vulnerable attack surface. Automated runtime attacks can exploit vulnerabilities and spread in seconds. Simply examining configurations is insufficient when machine-speed attacks threaten to disrupt cloud operations in seconds. Therefore, they require real-time threat detection and response, to stop the spread and maintain the integrity and availability of cloud workloads.

Moreover, short-lived workloads can challenge incident response (IR) procedures unless there is a forensic data record of workload telemetry for IR specialists to follow. Here again, agentless inspection falls short. Only an agent can serve as the flight data recorder of workload telemetry. These are two of the primary value propositions of a CWPP agent: real-time threat detection and response, and a forensic record of workload telemetry.

However, serverless infrastructure services restrict or prohibit access to the underlying infrastructure. This constraint necessitates an agent architecture tailored to the specific use case of containerized workloads running on serverless infrastructure.


Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit

Politically-motivated hacktivist groups are increasingly utilizing ransomware payloads both to disrupt targets and draw attention to their political causes. Notable among these hacktivist groups is Ikaruz Red Team, a threat actor that is currently leveraging leaked ransomware builders.

In attacks occurring over recent months, we have observed Ikaruz Red Team and aligned groups such as Turk Hack Team and Anka Underground (aka Anka Red Team) conduct attacks against Philippine targets and hijack branding and imagery belonging to the government’s Computer Emergency Response Program (CERT-PH).

In this post, we profile this hacktivist group and its recent actions, highlighting the threat actor’s methodology, social media activity and relevance within the wider geopolitical context.

Geopolitical Context & Affiliations

Ikaruz Red Team (IRT), under various identities, has targeted entities in the Philippines through defacements, small-scale DDoS attacks and now ransomware attacks. This behavior, between 2023 and present day (2024), is part of the larger wave of hacktivist groups targeting the region, as documented by Resecurity in April 2024. Resecurity ties these more recent observations to the greater geopolitical landscape, in the context of rising tensions with China, noting that the Philippines’ strategic significance in the Indo-Pacific makes it an attractive target for actors bent on civil disruption.

Over the last year or so, the Philippines has experienced an increase in scattered hacktivist attack campaigns. Previously identified hacktivist groups such as Robin Cyber Hood, Philippine Exodus (aka PHEDS), Cyber Operations Alliance, and Philippine Hacking University have been claiming credit for a variety of ransomware attacks, misinformation campaigns and espionage. On April 8th, the Philippines’ National Privacy Commission (NPC) launched an investigation into a breach of critical government infrastructure through an attack on the Department of Science & Technology by a previously unknown hacktivist identifying itself as #opEDSA.


PinnacleOne ExecBrief | AI and Foreign Election Interference

Last week, PinnacleOne considered what the Office of National Cyber Director’s Annual Report means to modern enterprises.

This week, we highlight the convergence of AI and foreign malign influence efforts on the 2024 year of global elections.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.


Insight Focus | AI and Foreign Election Interference

The 2024 U.S. elections (and many other global elections) face a threat landscape defined by foreign influence actors using time-tested tactics augmented by emerging AI tools to undermine the democratic process. On May 15, 2024, officials from the Intelligence Community, FBI, and CISA testified before the Senate Select Committee on Intelligence to draw public attention to the evolving threat.


The Good, the Bad and the Ugly in Cybersecurity – Week 20

The Good | International Law Enforcement Charge Crypto Criminals & Take Down a New Iteration of BreachForums

In the past week, law enforcement agencies took down cryptocurrency thieves responsible for a multi-million dollar theft from the Ethereum blockchain, and seized a second iteration of the notorious hacking platform, BreachForums.

The DoJ has unsealed an indictment charging Anton Peraire-Bueno (24) and James Peraire-Bueno (28) with conspiracy to commit wire fraud and conspiracy to commit money laundering. The brothers allegedly manipulated the blockchain in 12 seconds to pilfer $25 million worth of cryptocurrency in a first-of-its-kind attack.

This was done by tampering with the transaction validation processes on the blockchain, altering pending transactions, and rejecting requests by victims to return the stolen funds. Prior to the attack on the blockchain, the brothers focused on performing reconnaissance on their victims, learning their identities and trading behaviors. If found guilty, each of the brothers faces a maximum sentence of 20 years in prison for each count.

A little over a year has passed since the arrest of Conor Brian Fitzpatrick (“Pompompurin”), owner and administrator of BreachForums. This week, the FBI has seized the hacking forum for a second time. Working with international law enforcement partners, the FBI has shut down a Telegram channel belonging to Fitzpatrick’s successor, “Baphomet”, along with the second iteration of the BreachForums website. Authorities are currently investigating the site’s backend data and have issued a call for new information.

Source: FBI

This iteration of BreachForums, run from June 2023 to May 2024, operated as a clearnet marketplace where cybercriminals could buy, sell, and trade illicit contraband such as hacking tools, compromised databases, stolen access devices, and various illegal services. As forums and dark markets continue to rise and fall multiple times, organizations are reminded to keep their defenses up to safeguard their sensitive data.


RSAC 2024 Recap | Advancing the Power of Possibility Through Community

Last week, the SentinelOne team wrapped up another exciting year at RSA Conference 2024. The four-day event was, as usual, an invaluable opportunity to connect with leaders across the community, share stories, and learn from each other. This year’s event garnered attendees numbering 40,000 strong from more than 130 countries, showing just how much expertise is available to be shared.

For those who couldn’t join us in San Francisco, our recap blog captures all of the event highlights including snippets from exclusive keynote sessions and all the announcements from SentinelOne.

RSAC 2024 | Understanding “The Art of Possible” in the Cyber World

This year’s theme for the event was “the art of possible”, a phrase that inspires hope while also serving as a warning never to underestimate what our cyber adversaries are capable of.

Community unlocks possibility. Applying the theme to cybersecurity, we are reminded to celebrate new technologies, leverage the strength of the collective whole, and remain vigilant in the face of growing threats and risks.

Delivering The Future of Autonomous Security with Purple AI & Singularity Data Lake

It’s no surprise that many of the conversations at RSAC 2024 revolved around the topic of artificial intelligence (AI) and its impact on the cybersecurity landscape. SentinelOne was thrilled to announce innovative new capabilities within our Singularity Platform, designed to empower IT teams to take a predictive and autonomous stance against incoming threats:


Securing Peace of Mind with Breach Response Warranty

Running a business means accepting all of its fluctuating risks and uncertainties. For business leaders, one of the major challenges is managing their cybersecurity posture in an ever-changing threat landscape. With rapid digitalization and increasingly opportunistic attackers to consider, small to medium-sized businesses (SMBs) can be especially vulnerable.

Based on recent reports, over 40% of cyberattacks target today’s SMBs and only 14% of these organizations have the right response plans and policies to properly face the threat. While many business owners invest in cyber insurance, traditional insurance policies are no longer enough to provide the coverage needed in the current climate.

This blog post dives into why modern business leaders are investing in cyber warranties to round out their cyber defense strategies and fill in the gaps in the cyber financial protections needed in a worst-case scenario. Also, learn more about SentinelOne’s newly launched Breach Response Warranty, available to businesses of any endpoint count.

Taking the Proactive Approach with Cyber Warranties | Why Cyber Insurance Alone Isn’t Enough

Although both cyber insurance and cyber warranties offer financial compensation in the case of a breach, they serve different purposes. Where cyber insurance covers financial losses resulting from data breaches or attacks that have already occurred, cyber warranties are a pledge from security vendors.

Cyber insurance can also require lengthy paperwork and approval cycles, with drawn-out timelines for compensation. Warranties can plug this time gap and provide immediate relief and an event payout to help cover the deductible of the cyber insurance coverage.


Unify the Analyst Experience with Singularity Operations Center

On April 26, 2024, SentinelOne marked a significant milestone in security management with the launch of the Singularity Operations Center, the new unified security console. This major update to the Singularity Platform is now generally available (GA) to all cloud-native customers, representing a pivotal shift to a more integrated and efficient analyst experience for security teams.

This blog post introduces the many features of Operations Center and delves into how it centralizes security management with unified alerts, asset inventory management, a correlation engine, and our contextualized Singularity Graph to accelerate detection, triage, and investigation. Operations Center significantly boosts analyst productivity with enterprise-wide visibility and control, setting a high standard against other vendors with fragmented systems.

One Console, One Platform

Implementing disconnected tools for different attack surfaces and use cases has led to complex navigation, operational inefficiencies, and less visibility across security ecosystems. Using disparate tools has also generated data spread across multiple consoles, forcing analysts to continuously context switch and making it more difficult to understand their whole security landscape. Together, these pain points detract from security teams’ ability to focus on everyday tasks while also creating slower, error-prone, and more manual triage and investigation processes. We built the Singularity Platform and Operations Center to help eliminate noise and workflow disruptions while providing best-in-class protection for organizations everywhere.

The Singularity Platform is an AI-powered cybersecurity platform with one console and one data lake for a truly unified experience. We worked closely with over 200 organizations to ensure the design of Operations Center prioritizes and empowers security analysts, threat hunters, security administrators, incident responders, and SOC managers, considering their everyday tasks through workflow-based navigation. Through our Design Partner Program, our active users, ranging from advanced to early-career analysts across different industries, play a vital role in the product development process to ensure our improvements enhance the overall analyst function.

Gain End-to-End Visibility and Control

One of the core philosophies of Operations Center is centralization. Consolidating security operations through intuitive and integrated design provides a single view across the enterprise. The new unified alert management page enables security teams to conduct faster and more comprehensive investigations by managing and responding to security alerts in one location.


Cloud Native Security | Prioritize Better, Respond Faster, with Verified Exploit Paths™

This week, SentinelOne launched Singularity Cloud Native Security (CNS), our agentless Cloud Native Application Protection Platform (CNAPP) uniquely designed to assess cloud environments through the eyes of a threat actor. As attackers increasingly target cloud environments, SentinelOne’s latest solution helps organizations better defend against these attacks.

CNS simulates attack methods to verify exploit pathways, so-called Verified Exploit Paths. In so doing, CNS reduces the noise of the theoretically possible so that cloud security practitioners can focus on fixing what matters most.

In this blog post, Ely Kahn, VP of Product Management for Cloud Security, AI/ML, and Core Platform, and Anand Prakash, Product Leader for SentinelOne’s Cloud Native Security, explore the value and outcomes of Cloud Native Security. Learn how our agentless CNAPP with a unique Offensive Security Engine is set to help security, developers, and cloud teams collaborate and communicate to radically reduce their cloud and container attack surfaces.

Think Like An Attacker | The Vision for Cloud Native Security (CNS)

Ely: Anand, could you outline our overall vision for Cloud Native Security (CNS)?

Anand: For me, Cloud Native Security (CNS) is cloud security that Thinks Like An Attacker.


PinnacleOne ExecBrief | Cyber Strategy in Focus: Talent, Tools, and Intel

Last week, PinnacleOne examined the growing trend towards digital sovereignty, manifesting in national competition to secure and lead increasingly strategic cloud, AI, and space networks.

This week, we consider what the Office of National Cyber Director’s Annual Report means to modern enterprises.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.


Insight Focus | Stratagem

The Office of the National Cyber Director (ONCD) released its inaugural report on the cybersecurity posture of the U.S. last week. The report detailed a contested, complex, and interconnected environment for the U.S. government to navigate. Underlining the greatest hits of last year, like the Volt Typhoon disclosures and multiple takedowns of criminal hacking groups, the report detailed the offensive steps the government took to impact malicious actors. But, most of the content is focused on what the government can do to improve defensive conditions in the U.S. To that end, we have adapted some of the report’s themes for modern enterprise defenders to consider.


The Good, the Bad and the Ugly in Cybersecurity – Week 19

The Good | Russian-Based APT28 & LockBit Developer Condemned and Charged by International Enforcement

International law enforcement agencies took a hard stance against GRU-linked threat actors this week with the official condemnation of APT28 (aka Strontium, Fancy Bear, Forest Blizzard) and identification and sanctioning of LockBit ransomware’s administrator and developer.

NATO and the EU, joined by the U.S. and U.K., formally condemned the Russian threat group known as APT 28 for a long-term cyber espionage campaign against various European countries. In particular, Germany and the Czech Republic highlighted an email-based attack last year on various government agencies as well as organizations across the military, air and space, and IT sectors in NATO member countries, NATO fast reaction corps, and Ukraine. APT 28 has also been known to target critical infrastructures in various other EU member states.

The 2023 attack leveraged CVE-2023-23397, a zero-day vulnerability in Microsoft Outlook, to steal credentials, perform lateral movement in victim networks, and exfiltrate sensitive emails from specific accounts. NATO called on the Russian state to “respect their international obligations and commitments to uphold international law and act within the framework for responsible state behavior in cyberspace.”

From the DoJ, the identity of the developer and administrator behind the notorious LockBit ransomware group has finally been unveiled. Russian national Dmitry Yuryevich Khoroshev (aka LockBitSupp and putinkrab) is also being sanctioned by various international enforcement agencies with the U.S. Department of State offering a reward up to $10 million for information leading to his arrest or conviction.

Khoroshev’s sanctioning follows the joint operation earlier this year disrupting LockBit ransomware infrastructure and operations. Before the seizure of its public-facing websites and servers, Khoroshev and his affiliates were instrumental in LockBit’s rise to one of the world’s most prolific ransomware variants and operations, worth billions of dollars in damages and loss.


macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

Infostealers targeting macOS devices have been on the rise for well over a year now, with variants such as Atomic Stealer (Amos), RealStealer (Realst), MetaStealer and others widely distributed in the wild through malicious websites, cracked applications and trojan installers. These past few weeks have seen a new macOS malware family appear that researchers have dubbed ‘Cuckoo Stealer’, drawing attention to its abilities to act both as an infostealer and as spyware.

In this post, we review Cuckoo Stealer’s main features and logic from a detection point of view and offer extended indicators of compromise to aid threat hunters and defenders. At the time of writing the latest version of XProtect, version 2194, does not block execution of Cuckoo Stealer malware. SentinelOne customers are protected from macOS Cuckoo Stealer.

More Cuckoo Stealers Appearing

Since the initial report on the emergence of this family of malware on April 30, we have seen a rise in new samples and trojanized applications from the four originally reported by Kandji to 18 unique trojanized applications at the time of writing, with new samples appearing daily.

The trojanized apps are various kinds of “potentially unwanted programs” offering dubious services such as PDF or music converters, cleaners and uninstallers (a full list appears in the IoCs at the end of this post) such as:

App Uninstaller.app
DumpMedia Amazon Music Converter.app
FoneDog Toolkit for Android on Mac.app
iMyMac PDF Compressor.app
PowerUninstall.app
TuneSolo Apple Music Converter.app

As reported previously, these applications contain a malicious binary in the MacOS folder named upd. The most recent binaries – in ‘fat’ and ‘thin’ versions for both Intel x86 and arm64 architectures – are ad hoc codesigned and their parent applications all share the same bundle identifier, upd.upd.


macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown

It’s been little more than a week since Apple rolled out an unprecedented 74 new rules to its XProtect malware signature list in version 2192. A further 10 rules were appended in version 2193 on April 30th. Cupertino’s security team were clearly hoping that a concerted effort would serve to disrupt prolific adware distributor Adload’s assault on macOS devices. Those behind the adware, however, appear to have pivoted quickly as dozens of new Adload samples are already appearing that evade Apple’s new signatures.

In this post, we take a look at one variant of these new samples that is almost entirely undetected on VirusTotal at this time. We hope this exposure will both help inform security teams looking to keep adware nuisances out of their environment and serve to boost detection recognition across other vendor engines.

Apple’s Massive Adload Signature Update

With XProtect version 2192, Apple added 74 new rules to XProtect.yara. While a few of these were targeted at other malware and adware distributors, the vast majority targeted adware widely known as Adload.

Well, there are 74 new rules in XProtect v2192, so it's going to take me a bit to update https://t.co/Fgr7MGgRL2 with sample hashes, but interesting to see Apple trying to disrupt Adload's entire codebase. pic.twitter.com/n0eX6FfSEh

— Phil Stokes ⫍⫎ (@philofishal) April 25, 2024


PinnacleOne ExecBrief | Commercial Industry in Contested “Space”

Last week, PinnacleOne examined the state of aviation cybersecurity given recent incidents and federal action.

This week, we boost our view into orbit and dive into the intersection of cybersecurity and geopolitical risk facing the rapidly expanding space economy.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.


Insight Focus: Commercial Industry in Contested “Space”

In early April, the United States Space Force (USSF) released its first Commercial Space Strategy, embarking on a major shift in its approach to space operations, one that recognizes the pivotal role of the private sector in driving innovation. This USSF move to integrate commercial space solutions into “hybrid architectures” will raise critical issues of “dual-use capabilities” facing cyber and counterspace threats from China and Russia across peacetime, crisis, and conflict.


The Good, the Bad and the Ugly in Cybersecurity – Week 17

The Good | U.S. Govt Sends Spyware Abusers, Cybercriminals, and Crypto Launderers to Court

The U.S. government this week took three decisive actions against cyber criminals: a visa ban on thirteen spyware makers and sellers, sanctions against four Iranian nationals for their roles in recent cyberattacks, and an official charge for two cryptomixers.

Following the February announcement to set visa restrictions on commercial spyware developers and vendors, the Department of State has cracked down on the first thirteen individuals and their families. Excluding visa applications in this case effectively bans those who are linked to such operations from entering the U.S. The abuse of spyware has been a rising issue in recent years as adversaries use it to target persons of interest such as journalists, human rights advocates, academics, and government employees.

Two front companies and four individuals were sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) for their association with cyber activities supporting the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) over the span of five years. Collectively, the identified threat actors have targeted over a dozen U.S. organizations, including the U.S. government and defense contractors, through spear phishing and malware attacks, compromising over 200,000 employee accounts.

Up to $10 Million Reward & Possible Relocation

These individuals conducted malicious cyber ops against U.S. firms and government agencies on behalf of Iran’s IRGC.


Ransomware Evolution | How Cheated Affiliates Are Recycling Victim Data for Profit

Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original RaaS agreements, especially as financial squabbles between threat actors emerge in the ransomware economy. The affiliates in such instances are starting to work with third-parties or external data leak services in order to re-extort victims who have already paid the ransom to the original attackers.

This blog post examines how affiliate attackers are embracing this new third-party extortion method, illustrated most recently by the ostensibly back-to-back cyberattacks on Change Healthcare and the emergence of services like RansomHub and Dispossessor.

ALPHV Exit Scam & Re-Extortion by RansomHub

In February 2024, a subsidiary of healthcare giant UnitedHealth Group (UHG) was forced to take down its IT systems and various services. The root of the disruption was a cyberattack by a BlackCat (aka ALPHV) affiliate on Change Healthcare, a healthcare technology platform used by the subsidiary.

Post-attack, ALPHV ransomware operators reportedly took down their data leak blog, servers, and operation negotiation sites, and failed to pay the affiliate their agreed share of the ransom.

Purportedly, Change Healthcare paid out the $22 million ransom demand, only to be targeted a second time just weeks after recovering from the initial attack. This time around, the ransomware attack was claimed by a threat actor working in conjunction with RansomHub, a new extortion group claiming to hold 4 terabytes of the victim’s sensitive data including personally identifiable information (PII) of active U.S. military personnel, patient records, and payment information.


PinnacleOne ExecBrief | Aviation Cybersecurity

Last week, PinnacleOne reviewed escalation dynamics in the Middle East.

This week, we turn our attention to domestic critical infrastructure with a look at recent developments in aviation cybersecurity.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.


Insight Focus | Aviation Cybersecurity

The aviation sector continues to face a complex and evolving cybersecurity threat landscape with nation-state actors, cybercriminal groups, and hacktivists targeting critical infrastructure. Last week, the FAA issued a ground stop order on Alaska Airlines for one hour due to an “upgrade issue with flight software that calculates weight and balance.” This follows a similar hour-long nationwide ground stop last year caused by a software update at United Airlines, a network-wide outage at WestJet caused by a service provider, and a ransomware breach at Sabre.


The Good, the Bad and the Ugly in Cybersecurity – Week 16

The Good | DoJ Indicts Cryptojacking Criminal and Botnet Operator Supporting Ransomware Actors

The DoJ doled out two indictments this week: the first announcing the arrest of Charles O. Parks III for his role in an elaborate cryptojacking scheme, the second, charging Alexander Lefterov, owner and operator of a major botnet.

Parks was charged with wire fraud, money laundering, and illegal transactions, tallying up to a maximum of 30 years in prison. According to the DoJ, the basis of Parks’ scheme was renting $3.5 million worth of cloud servers through a number of fake LLCs in order to mine nearly $1 million in cryptocurrency.

After tricking the cloud service providers (CSPs) into escalating his privileges, Parks was given access to services equipped with powerful graphics cards that were then used to mine Monero, Litecoin, and Ether. The mined funds were laundered through purchasing NFTs and converting them through traditional banks and various crypto exchanges to fund a lavish lifestyle.

Lefterov was indicted by a federal grand jury for aggravated identity theft, computer fraud, and conspiracy to commit wire fraud. Through the large-scale botnet he maintained, the Moldovan national and his associates have been linked to thousands of compromised computers across the U.S.

Source: FBI

Using credentials harvested from the infected computers, Lefterov and his co-conspirators targeted victims’ financial accounts across banking, payment processing, and retail platforms to steal money. In tandem, Lefterov allegedly leased his botnet to other cybercriminals for ransomware distribution, later receiving a share of the profits from successful attacks.


Insuring Cyber Health | Chubb’s Insight via SentinelOne Telemetry

In an expanding collaboration between Chubb, one of the largest publicly traded property and casualty insurance companies, and SentinelOne, a cybersecurity leader, clients of SentinelOne who are also Chubb policyholders can now share their enterprise cyber health assessment data with Chubb. This facilitates a more efficient and precise underwriting process.

With the increasing emphasis on cybersecurity investment, insurance carriers are seeking greater transparency into their insureds’ cybersecurity health. The collaboration not only offers policyholders streamlined access to SentinelOne’s cybersecurity solutions, but also enhances transparency into policyholders’ cyber health investments through SentinelOne’s Vital Signs Report.

This post captures a Q&A between Craig Guiliano, SVP of Threat Intelligence and Policyholder Services at Chubb, and Bridget Mead, Senior Manager of IR Cyber Risk at SentinelOne, as they address some frequently asked questions about the Vital Signs Report.

Q: What is the Vital Signs Report?

Chubb/Guiliano: The Vital Signs Report (VSR) is an assessment of our policyholders’ cybersecurity posture. This report is going to be a game changer for not only how we, as the carrier, assess our individual policyholder’s cybersecurity health, but for our ability to assess our portfolio exposure as one of the world’s largest insurance companies. Our underwriters are quickly moving away from checkboxes on a questionnaire and moving towards data-driven policy renewal decisions.

SentinelOne/Mead: The VSR is based on a collection of internal signals that we mapped to the Center for Internet Security’s (CIS) Critical Security Controls (CIS Controls) CIS18 framework. We make the report available to all SentinelOne clients at no charge. It displays the strength of a client’s digital environment in areas important to cyber security and the cyber insurance underwriting process. The graphic below shows the major categories included.


S Ventures Invests in Guardz to Revolutionize Cybersecurity for SMBs

We are thrilled to announce our latest S Ventures investment in Guardz, a unified cybersecurity platform built to empower MSPs to secure and insure small to medium-sized businesses (SMBs).

A Modern Approach to Cybersecurity for SMBs

SMBs today face a unique set of challenges when it comes to protecting against the evolving cybersecurity threat landscape. With cloud and SaaS adoption, SMBs’ IT infrastructures are becoming increasingly complex to manage. This is coupled with limited budgets and staff, making it difficult for SMBs to acquire and deploy best-in-class cybersecurity solutions. With 88% of the SMB market turning to Managed Service Providers (MSPs) for cybersecurity protection, there is a critical need to build a scalable, easy-to-use cybersecurity platform that is specifically tailored to the needs of MSPs and their SMB customers.

In comes Guardz – addressing this gap head-on and developing a modern approach for SMB cybersecurity. The Guardz platform combines a robust cybersecurity technology and deep insurance expertise that ensures MSPs and their SMB customers can proactively safeguard their digital assets against a myriad of cyber threats, mitigate cybersecurity risks, and prevent the next cybersecurity attack.

“Guardz offers a modern approach to protect the underserved SMB market, developing a unified cybersecurity solution that is built for MSPs from day one. This investment underscores SentinelOne’s unwavering commitment to pioneering cybersecurity solutions and amplifies our partner-first philosophy.”

Ken Marks, Vice President, Worldwide Channels & MSSP


PinnacleOne ExecBrief | Navigating International Conflict and Escalation Dynamics

Last week, PinnacleOne detailed how firms can navigate the era of AI in cybersecurity and emerging tools to keep pace with advancing threats.

This week, we focus on recent escalation dynamics in the ongoing conflict in the Middle East.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.


Insight Focus | Navigating International Conflict and Escalation Dynamics

Summary of Recent Events

Conflict between Israel and Iran simmered for decades before the most recent spike in tensions. The proximate cause of Iran’s assault on Israel this weekend was Israel’s violation of well-established norms: Israel bombed an Iranian diplomatic facility adjacent to the main embassy in Syria, killing senior Iranian generals. Embassies and their compounds are considered the sovereign land of the country that they represent – in the U.S., law enforcement agencies (like local police) are prohibited from setting foot within their walls.
