A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.
Related Posts
TeamViewer abused to breach networks in new ransomware attacks
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. […]
BleepingComputer
Linux Admins Beware! Fake PuTTY Client That Rhadamanthys Stealer
PuTTY is among the most popular targets of hackers for several reasons.
First, it is used for remote access to servers and systems at large, which makes it a strong foothold for infiltration.
Exploiting vulnerabilities or misconfigurations in PuTTY can expose sensitive data or allow code execution on targeted machines.
By compromising PuTTY installs, attackers can set up persistent backdoors and move laterally through networks to extend their scope and influence.
Cybersecurity researchers at Malwarebytes Labs recently warned Linux admins of a fake PuTTY client that delivers the “Rhadamanthys” Stealer.
Fake PuTTY Client Rhadamanthys Stealer
Hackers utilize malicious advertisements impersonating legitimate software like PuTTY to distribute malware loaders.
These loaders aim to compromise systems and deploy additional payloads while evading detection.
In this case, the threat actor purchased an ad falsely claiming to be the PuTTY homepage, appearing at the top of search results before the official site.
While the unrelated domain raised suspicions here, many advertisements closely mimic trusted brands, making them effective lures for distributing stealthy malware loaders that enable further exploitation.
Potential victims from the United States are redirected to a fake putty.org, while others are shown a legitimate page that bypasses security checks.
This redirection chain is multi-staged and possibly probes for proxies as well as logs victims’ IPs before serving a final malware payload.
Posing as the PuTTY program, the dropper is written in Go and gives the attackers an entry point into compromised systems for future exploitation.
The deception in this campaign and the complexity of its payload delivery scheme show how far threat actors can spread malware without being noticed.
The dropper checks the victim's IP address. This is done to confirm that the victim did follow the deceptive ad campaign and downloaded it from the fake PuTTY site.
If the IP matches, it fetches a follow-on payload from the CnC server, continuing the multi-stage infection chain.
This IP verification helps the attackers screen out researchers or honeypots that may have been lured into the campaign.
It keeps additional payloads from being sent to any system other than those compromised through their fraudulent advertisement campaigns.
According to the report, the Go-based dropper covertly uses the SSH protocol to pull the next-stage payload, probably Rhadamanthys malware, from a command and control server.
This multiple-component infection chain, which offers malware deployment services ranging from malicious ads to loaders and final payloads, demonstrates a sophisticated malvertising infrastructure controlled by the same bad actor.
Although this particular campaign was reported to Google, it shows how threat actors are always changing their techniques to evade security controls.
To counter such stealthy malware distribution schemes, proactive defense mechanisms like strong malware detection and ad-blocking are crucial.
IoCs
Decoy ad domain
arnaudpairoto[.]com
Fake site
puttyconnect[.]info
PuTTY
astrosphere[.]world
0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d
IP check
zodiacrealm[.]info
Rhadamanthys
192.121.16[.]228:22
bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203
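One way to hunt for this chain in DNS and connection logs, as an added example (not code from the original article or from the researchers it cites): it refangs the network indicators listed above and reports, per host, how far along the chain that host got. The log format, host names, stage names and severity rule are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Indicators copied from this page's IoC list, kept defanged at rest.
# Stage names are labels chosen for this example.
PAGE_IOCS = {
    "decoy_ad": "arnaudpairoto[.]com",
    "fake_site": "puttyconnect[.]info",
    "fake_putty": "astrosphere[.]world",  # listed under "PuTTY" on the page
    "ip_check": "zodiacrealm[.]info",
    "c2_ssh": "192.121.16[.]228:22",
}
STAGE_ORDER = list(PAGE_IOCS)

def refang(value):
    """Turn a defanged indicator (example[.]com) back into its real form."""
    return value.replace("[.]", ".")

REAL = {stage: refang(v) for stage, v in PAGE_IOCS.items()}
DOMAIN_IOCS = {v: k for k, v in REAL.items() if k != "c2_ssh"}
C2_IP, C2_PORT = REAL["c2_ssh"].rsplit(":", 1)

# Assumed log format: "<timestamp> <host> dns <queried-name>"
#                 or  "<timestamp> <host> conn <dst-ip>:<dst-port>"
LINE_RE = re.compile(r"^(\S+) (\S+) (dns|conn) (\S+)$")

def match_domain(name):
    """Match the indicator itself or any subdomain, never a mere substring."""
    name = name.lower().rstrip(".")
    for ioc, stage in DOMAIN_IOCS.items():
        if name == ioc or name.endswith("." + ioc):
            return stage
    return None

def classify(line):
    """Return (timestamp, host, stage) for a line that hits an indicator."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, kind, detail = m.groups()
    if kind == "dns":
        stage = match_domain(detail)
    else:
        ip, _, port = detail.rpartition(":")
        stage = "c2_ssh" if (ip, port) == (C2_IP, C2_PORT) else None
    return (ts, host, stage) if stage else None

def severity(stages):
    """Assumed triage rule: the IP check and the SSH fetch are made by the
    dropper itself, so either one means the fake PuTTY was executed."""
    if "ip_check" in stages or "c2_ssh" in stages:
        return "high"
    if "fake_putty" in stages:
        return "medium"
    return "low"

def correlate(lines):
    """Group hits per host and report how far along the chain each got."""
    seen = defaultdict(dict)
    for line in lines:
        hit = classify(line)
        if hit:
            ts, host, stage = hit
            seen[host].setdefault(stage, ts)  # keep the first sighting
    return {
        host: {"stages": [s for s in STAGE_ORDER if s in st],
               "severity": severity(st)}
        for host, st in seen.items()
    }

# Constructed sample log: hosts, times and benign destinations are made up.
SAMPLE_LOG = [
    f"2024-03-20T10:01:02Z ws-014 dns {REAL['decoy_ad']}",
    f"2024-03-20T10:01:03Z ws-014 dns www.{REAL['fake_site']}",
    f"2024-03-20T10:01:09Z ws-014 dns {REAL['fake_putty']}",
    f"2024-03-20T10:04:41Z ws-014 dns {REAL['ip_check']}",
    f"2024-03-20T10:04:42Z ws-014 conn {REAL['c2_ssh']}",
    f"2024-03-20T11:15:00Z ws-022 dns {REAL['decoy_ad']}",
    f"2024-03-20T11:15:01Z ws-022 dns {REAL['fake_site']}",
    f"2024-03-20T12:00:00Z ws-030 dns not{REAL['fake_site']}",
    f"2024-03-20T12:00:05Z ws-030 dns {REAL['fake_site']}.example.net",
    f"2024-03-20T12:00:09Z ws-030 conn 198.51.100.7:22",
    f"2024-03-20T12:00:12Z ws-030 conn {C2_IP}:443",
]

if __name__ == "__main__":
    for host, result in correlate(SAMPLE_LOG).items():
        print(host, result["severity"], " -> ".join(result["stages"]))
```

A host that only reached the ad and the fake site is a blocked or abandoned click; a host that shows the IP check or the outbound SSH session warrants full incident response.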
The post Linux Admins Beware! Fake PuTTY Client That Rhadamanthys Stealer appeared first on Cyber Security News.
Cyber Security News
Best Network Security Vendors for SaaS – 2024
Network security for Software as a Service (SaaS) requires a combination of rules, procedures, and technologies to ensure the confidentiality, integrity, and availability of SaaS-provided data and services.
As-a-Service Security (SaaS) refers to a cloud-based methodology for delivering security services over the Internet, specifically in the context of network security.
Businesses increasingly use security services provided by third-party providers as an alternative to building and operating hardware and software on-premises.
Some of the services offered include anti-malware and firewall protection, intrusion detection, and security event management. SaaS provides businesses with up-to-date security, lowers the cost of infrastructure, and allows for expansion.
Without requiring much interaction from the user, this architecture ensures that security measures are continually updated in response to the growing threat landscape.
Why is SaaS security so important?
SaaS security is crucial since many businesses now run on cloud-based software. Despite the convenience and scalability, these systems might leave users vulnerable.
If sensitive data is compromised in a SaaS application due to unauthorized access, a data breach, or another cyber incident, it could lead to financial losses, regulatory penalties, and brand harm.
A solid SaaS security system is therefore all the more important for protecting your business, stakeholders, and users’ confidence.
Without careful SaaS security measures, businesses risk not only data breaches but also failing to meet international regulations, which carries its own complications.
Table of Contents
What is SaaS in network security?
Why is SaaS Security so important?
Challenges in Securing SaaS Platforms
SaaS Security Best Practices
Best Network Security Vendors for SaaS
Best Network Security Vendors for SaaS Features
1. Perimeter 81
2. Palo Alto Networks
3. Fortinet
4. Symantec
5. Check Point
6. McAfee
7. Okta
8. Sophos
9. Netskope
10. Qualys
Conclusion
FAQ
Challenges in Securing SaaS Platforms
Multi-tenancy: If the necessary isolation isn’t maintained, the fact that SaaS platforms host several clients on the same resources might result in data leakage or breaches.
Data Privacy: It might be difficult to guarantee data security and compliance with widely varied worldwide requirements, such as GDPR.
Access Control: It’s essential to restrict access to sensitive information and features to only those who need it, but it can be difficult to manage permissions.
Shadow IT: Unauthorized use of SaaS applications by employees can compromise a company’s network without the knowledge of IT personnel.
Data Residency: It can be challenging to comply with data protection rules worldwide and ensure data is stored in appropriate locations.
Loss of Control: When companies use SaaS from outside vendors, they give up some control over the system’s security.
End-Point Security: With consumers using SaaS platforms from a wide variety of devices, it is always a challenge to keep each endpoint secure.
Account Hijacking: Cyberattacks, such as phishing, can result in stolen information or the misuse of sensitive accounts.
Inconsistent Security Policies: Using a wide variety of SaaS products could make your network vulnerable due to inconsistencies in their security measures.
SaaS Security Best Practices
Multi-Factor Authentication (MFA): Multi-factor authentication can reduce the risk of unauthorized entry.
Single Sign-On (SSO): Minimize the attack surface and the possibility of users losing their passwords by centralizing user authentication.
Data Encryption:
In-Transit: Data communication between client and server should be encrypted using protocols such as TLS.
At-Rest: Ensure all your databases and other data storage locations use encryption.
Regular Security Audits and Assessments:
Check the security measures and configurations regularly.
Use a penetration testing service to find security flaws.
Data Backup and Recovery:
Establish fully automated backup systems.
Make sure you’re ready for any incident.
Endpoint Security:
Make sure all devices used to access the SaaS app are protected.
Always keep your hardware up to date and patched.
API Security:
You can keep application interfaces safe from attacks using API gateways and regular security testing.
Network Security:
Protect your network using firewalls, IDS/IPS, and secure protocols.
Monitoring and Alerting:
Logs and records of transactions should be monitored constantly.
Set up instant notifications whenever anything suspicious occurs.
Educate Employees:
Maintain a consistent schedule of training on security best practices.
Increase everyone’s awareness of security issues.
Vendor Management:
Ensure that all external service providers observe strict security measures.
Vendor security should be reviewed and evaluated often.
Best Network Security Solutions for SaaS
Perimeter 81
Palo Alto Networks
Fortinet
Symantec
Check Point
McAfee
Okta
Sophos
Netskope
Qualys
Best Network Security Vendors for SaaS Features
1. Perimeter 81: Safe access from afar; Access to a network without trust; Authentication with Multiple Factors; Adding the cloud; Perimeter Set by Software; Management from one place
2. Palo Alto Networks: Firewall of the Future; Stopping Threats; Cleaning up URLs; In charge of applications; Safety of the Network; Cloud Safety
3. Fortinet: The FortiGate Firewall; Threat Intelligence from FortiGuard; Web Application Firewall from FortiWeb; The FortiSandbox; Endpoint Security for FortiClient; Management in one place with FortiManager
4. Symantec: Stopping Data Loss; Safe Web Gateway; Managing Identity and Access; Keeping track of security information and events; Data encryption and safety
5. Check Point: Safety of the Network; Mobile Safety; Knowing Yourself; Endpoint Safety; In charge of security; Zero-Day Protection from SandBlast
6. McAfee: Stopping Data Loss; Keeping track of security information and events; Guarding the web; Email Safety; Management of Identity and Access
7. Okta: One-Time Sign-On; Authentication with Multiple Factors; The Universal Directory; Managing the lifecycle; Management of API Access; Real-time authentication
8. Sophos: Guarding the web; Safety for wireless; Using encryption; Server Safety
9. Netskope: Taking Care of Cloud Security; Protect against insider threats; Service Edge for Secure Access; Management of Identity and Access; Safety for APIs
10. Qualys: Taking care of vulnerabilities; Monitoring All the Time; Policy Follow-Up; Safety from Threats; Questionnaire for Assessing Security; Inventory of Assets
1. Perimeter 81
Gain complete visibility of your resources using Perimeter 81, whether local or in the cloud, and enjoy secure, speedy remote access via local gateways.
Seamlessly integrate with leading cloud providers like Amazon AWS, Google Cloud, and Microsoft Azure.
Set up flexible access rules tied to roles and devices.
You’ll have cost-effective access control and comprehensive monitoring across all environments.
Streamline your toolkit and reduce complexity by using a unified set of security and networking tools.
Customize access policies and traffic rules easily as your organization expands.
As a Secure Access Service Edge solution, Perimeter 81 is built for high-performance, unified networking and security.
It’s ideal for global tech companies with distributed resources and workforces.
Achieve SOC 2 Type 2 and ISO 27001/2 compliance effortlessly with encryption, visibility, activity logging, and access control measures in place.
Features
Digital security features block harmful websites and safeguard users from digital risks.
Perimeter 81 allows employees to connect their smartphones and tablets to the network safely.
Its many server locations provide low-latency connectivity and redundancy for global users.
The platform provides reporting and audits to meet compliance needs.
What is Good?
Secure data transmission.
Compliance with data privacy regulations.
Fine-grained access permissions.
Perimeter 81 usually provides customer support, ensuring availability.
What Could Be Better?
Limited control over SaaS data.
VPN latency issues.
2. Palo Alto Networks
App-ID technology facilitates continuous discovery, categorization, and control in the world of SaaS applications.
This dynamic process extends across all cloud applications and permeates the entire enterprise.
It is the bedrock of cloud enterprise DLP, safeguarding sensitive data and ensuring compliance across various modern collaboration tools.
Leveraging the extensive API-based coverage of SaaS applications, encompassing Microsoft 365, SFDC, Box, and more, including the likes of Slack, Jira, Teams, and Confluence, this solution is adept at thwarting novel malware and zero-day threats within both authorized and unauthorized SaaS environments.
Operational streamlining is achieved by unifying SASE, CASB, and DLP within a single cloud console, delivering a seamless, gap-free security experience.
Manage your data protection and enterprise security effortlessly, all from one centralized location.
Moreover, it automates the discovery, regulation, and control of all applications in use across the organization, aligning with the exponential growth of SaaS applications.
Features
Provides network security for IoT devices.
Provides tools to detect risks and automatically manage security incidents.
Comprehensive monitoring and reporting help organizations comply with regulations.
Palo Alto Networks protects cloud operations and containers.
A platform for efficient security operations and incident response with enhanced security orchestration, automation, and response.
What is Good?
Prevents unauthorized access.
Comprehensive DLP coverage.
Advanced threat detection.
Deep application visibility and control for accurate security policy administration.
What Could Be Better?
Costly licensing and hardware.
Incomplete SaaS app visibility.
3. Fortinet
The data entering and leaving your SaaS applications is constantly being examined by Fortinet’s SaaS security Vendors, which serve as watchful sentinels.
These defenses employ cutting-edge methods, effectively outsmarting even the most devious cyber adversaries.
By providing a unified framework of SaaS security protocols and guidelines covering the entire network, Fortinet’s offerings give organizations a clear perspective that is accessible through a single interface.
This includes invaluable insights into governance and compliance standards.
The FortiCASB-SaaS Cloud Access Security Broker service taps into the APIs of SaaS applications, monitoring every aspect of their activity and settings.
This centralized approach provides comprehensive visibility, ensuring uniform access control, resource management, configuration, and security protocols.
Furthermore, it diligently scans stored files, promptly identifying malware and advanced persistent threats, thus significantly reducing the potential for these harmful files to propagate across your network.
Features
Advanced firewall with intrusion prevention, application control, and SSL inspection.
Real-time threat updates and global threat intelligence to combat emerging attacks.
SD-WAN and security optimize network performance and data security.
Analysis and quarantining of suspicious files and threats via sandboxing.
Secure network access and cloud security using cloud-native SASE.
What is Good?
SaaS application usage is entirely transparent.
Visibility and management of resource use.
Complete support for all important SaaS applications.
Optimizes network administration with SD-WAN and security.
What Could Be Better?
Complex setup and management.
SaaS app performance impact.
4. Symantec
Network security products from Symantec serve as watchful defenders, ensuring the dependability and security of the digital sphere.
The Software as a Service (SaaS) network security focus of Symantec combines cutting-edge technologies and rich functionalities to strengthen cloud-based software environments.
First, Symantec’s network security uses advanced threat detection and prevention tools, like intrusion detection and prevention systems (IDPS), to stop bad things from happening by looking at real-time network traffic.
To protect data privacy and regulatory adherence, Symantec implements robust encryption and access controls, securing data both at rest and during transmission and keeping sensitive information confidential.
With seamless integration into a variety of SaaS platforms and pre-existing network architectures, Symantec’s SaaS security Vendors also provide extensive security analytics and reporting capabilities.
These insights shed light on network traffic, user behavior, and security incidents, enabling proactive threat mitigation and facilitating compliance audits.
Features
Blocks malware, viruses, and online hazards.
Complete firewall and identity theft protection online.
The complete security package includes antivirus, VPN, password manager, and more.
Protects corporate endpoints against sophisticated malware.
Protects data and detects threats in cloud environments.
What is Good?
Real-time threat insights.
Data protection and encryption.
Proven threat expertise.
Offers customer service around the clock.
What Could Be Better?
SaaS app compatibility issues.
Resource-intensive scanning.
5. Check Point
In order to thwart intruders, Check Point acts as a dynamic fortress outfitted with a powerful arsenal.
At their core, robust firewalls play sentinel, scrutinizing data packets with keen discernment.
This scrutiny guarantees that only authorized traffic penetrates, forming an impenetrable shield.
Inside, advanced threat detectors like IPS and malware sandboxing stealthily identify and neutralize threats with precision.
They ensure minimal infiltration risk. Now, consider SaaS tools dwelling in the cloud; they introduce fresh security challenges.
These include susceptibility to new malware and phishing attacks and potential client data exposure.
With user-friendly interfaces and technical know-how combined for a strong digital defense, Check Point is at the forefront of SaaS network security.
Features
Advanced firewall with intrusion prevention, application control, and VPN.
Real-time updates protect against malware, zero-day attacks, and advanced threats.
Manage and monitor security policies and configurations centrally.
To avoid malware, analyze and isolate questionable files in a sandbox.
Antivirus, anti-ransomware, and threat prevention protect endpoints.
What is Good?
Centralized management simplifies administration.
Allows rigorous access controls with zero trust network access.
Protects cloud and mobile settings.
“Never trust, always verify” is their strict security policy.
What Could Be Better?
High maintenance costs.
Complex rule management.
6. McAfee
To protect endpoints, emails, websites, and networks, it uses the cloud, streamlining IT tasks and cutting costs.
This dynamic system continually scans network traffic, scrutinizing data packets for unusual activity or irregularities.
When switching from on-premises to the cloud, organizations can enforce security protocols and protect sensitive data thanks to McAfee’s CASB solution, which provides a clear window into SaaS usage.
Additionally, it strengthens your defenses with functions like SSL inspection, URL filtering, and anti-malware safeguards.
These tools ensure secure SaaS application access and thwart phishing attacks.
Their endpoint security solutions include anti-virus, anti-malware, and device control to fortify user devices.
McAfee’s network security Vendors also provide a comprehensive approach to SaaS cybersecurity.
By preserving the privacy, accuracy, and accessibility of your vital data and applications, they give you the confidence to embrace cloud technology.
Features
Protects business endpoints from sophisticated threats and data loss.
Detects threats and protects cloud data.
Blocks spam and threats via email.
Web traffic is protected by content filtering and real-time scanning.
Monitors and stops data breaches and illegal access.
What is Good?
Cloud-native security.
Threat intelligence sharing.
Simplified security operations.
Helps parents keep an eye on and manage their kids’ internet activities.
What Could Be Better?
SaaS data privacy concerns.
Frequent false positives.
7. Okta
To ensure future readiness, it enables you to strengthen your current security investments and expand them to the cloud.
Seamless integration between on-premises and cloud security means consistent policy management across your entire environment, ensuring a unified approach.
When Okta is combined with network security Vendors, you establish a policy-driven, user-friendly, and dependable security infrastructure that benefits both end users and administrators.
The synergy between Okta and network security Vendors creates a robust security ecosystem and safeguards sensitive data, applications, and users, regardless of location.
SaaS-specific capabilities offered by Okta include Enterprise Federation, Delegated Administration, Multi-factor Authentication (MFA), Custom Branding, and Pre-built Security Options.
You can easily build a thorough security ecosystem with Okta and adapt to changing security threats while maintaining consistent policies.
Features
A central user directory for identity and attribute management.
User provisioning, de-provisioning, and updates are automated.
Securely controls API and microservice access.
Customizes authentication based on user behavior and circumstance.
Monitors questionable activities and restricts access.
What is Good?
Secure Single Sign-On (SSO) and Adaptive MFA.
Policy-Based Security.
Simplified access through firewalls and VPNs.
Helps meet the needs of regulations and standards.
What Could Be Better?
Limited SaaS protection features.
Identity spoofing risks.
8. Sophos
Sophos uses contemporary cloud-based security techniques to enable real-time threat detection and response across its SaaS infrastructure.
This means that emerging threats are swiftly pinpointed.
To secure data in transit, Sophos relies on robust encryption protocols, ensuring data privacy and integrity while it moves to and from the SaaS platform.
By using Identity and Access Management (IAM) solutions, it verifies user identities and watches access patterns, thwarting unauthorized access and suspicious activities.
To analyze user behavior, spot unusual behavior, and successfully thwart insider threats, Sophos leverages the power of machine learning algorithms.
For centralized monitoring and analysis that ensures quick incident response, it incorporates Security Information and Event Management (SIEM) capabilities.
Administrators can use granular access controls to exert fine control by defining user permissions based on their roles and responsibilities and preserving the security of sensitive data.
Features
Protects devices from malware, ransomware, and sophisticated threats.
Network security vendors using intrusion prevention and application control.
Detects and blocks harmful online traffic.
Allows only approved devices on the network.
Secures and manages mobile devices.
What is Good?
Provides endpoint, network, and cloud cybersecurity solutions.
Facilitates management using simple interfaces.
Centralizes security for easier administration.
Effectively blocks malware, ransomware, and sophisticated threats.
What Could Be Better?
Incomplete SaaS app coverage.
Complex policies to configure.
9. Netskope
Netskope ensures your security by routinely comparing the settings of your SaaS apps to a range of industry standards, including CIS, PCI-DSS, NIST, HIPAA, CSA, GDPR, AICPA, ISO, and more.
Along with monitoring the configuration settings of your managed apps, it flags any connections to third-party apps and assigns risk levels for your management.
The inventory view offers a clear overview of all SaaS app instances and resources, providing valuable context.
Data queries for SaaS apps are made more accessible by the Netskope Governance Language’s (NGL) suggested syntax auto-complete features.
Moreover, Netskope Intelligent SSE relies on the robust Netskope Security Cloud platform, offering unparalleled visibility and real-time threat protection for cloud services, websites, and private apps accessible from any device and location.
This comprehensive approach ensures your security posture remains robust and adaptable to evolving threats.
Features
Monitors and controls cloud apps and data.
Provides online traffic URL screening, threat protection, and data loss prevention.
Monitors and stops cloud and web traffic data leaks.
Assessment and enforcement of cloud security policies.
Secures network access with zero trust.
What is Good?
Secures cloud and web applications, essential in today’s digital world.
Granular cloud and web traffic visibility and control.
Strong cloud DLP to secure sensitive data.
Helps secure resource access with zero trust.
What Could Be Better?
Planning and skills may be needed for deployment.
Users may need time to master the platform.
10. Qualys
In today’s fast-paced business landscape, SaaS applications like Microsoft Office 365, Google Workspace, Salesforce, and Zoom are the cornerstone of modern, adaptable organizations.
However, their increasing adoption also poses new challenges for security teams struggling with limited oversight.
Compared to other SaaS security and posture management options, the QualysNetwork Solution for SaaS is a complete toolset.
It harnesses the Qualys Cloud Platform’s capabilities to simplify and automate SaaS app management, covering global settings, user permissions, licenses, and files and their security and compliance status.
By extending its reach, Qualys gives you total access to your network’s IT assets, whether on-site, in the cloud, or on mobile devices.
It even identifies potential vulnerabilities and empowers you to fortify your defenses.
Embrace QualysNetwork Solution for SaaS to enhance your organization’s SaaS security posture.
Features
IT security risks are identified and prioritized.
Tracks asset and security status in real-time.
Installs security patches on vulnerable systems automatically.
Protection against threats and vulnerabilities through threat intelligence and analysis.
Compliance evaluation and reporting help meet regulations.
What is Good?
Provides many security and compliance solutions.
Easy deployment and scalability without on-premises hardware.
Continuously monitors assets and vulnerabilities.
Scales for small and large businesses.
What Could Be Better?
Limited dashboard and report customization.
Users report uneven customer support experiences.
Conclusion
Many companies now rely heavily on SaaS apps due to the widespread adoption of digital transformation.
However, the evolution to cloud-based solutions introduces new security concerns.
The accessibility of reliable network security solutions for SaaS is an essential requirement.
Comprehensive security procedures protect not just the data but also the confidence of stakeholders and customers.
SaaS security solutions are becoming more necessary for enterprises to fully utilize the cloud while mitigating risks as cyber threats increase.
Modern, resilient, and successful businesses must combine SaaS with solid network security.
FAQ
If you’re going to use a cloud service, be sure it has strong encryption both while the data is in motion and when it’s sitting idle. Look into the platform’s security documentation or talk to the company behind it.
Yes, many SaaS apps can connect to third-party security tools like firewalls, intrusion detection systems, and SIEM systems.
SaaS applications need network security to secure sensitive data, maintain company continuity, build consumer trust, and meet regulations.
The post Best Network Security Vendors for SaaS – 2024 appeared first on Cyber Security News.
Cyber Security News