Wiz to Acquire Gem Security for $350M to Address Cloud Security
Wiz, a leading cloud security company, has announced its acquisition of Gem Security for $350 million.
This acquisition marks a significant milestone in Wiz’s journey, which began just four years ago when its founders left Microsoft with a vision to reinvent cloud security.
Wiz’s story is one of rapid growth and innovation.
Since its inception, the company has been on a mission to revolutionize risk reduction in the cloud.
Wiz’s approach to cloud security has resonated with the industry, setting new standards for security and development teams across the Fortune 100 and burgeoning cloud-native companies.
The acquisition of Gem Security is a testament to Wiz’s commitment to expanding its cloud security solutions.
Gem Security’s expertise in Cloud Detection and Response (CDR) is poised to complement Wiz’s existing offerings, addressing the next wave of security challenges faced by organizations.
Gem Security brings to the table an unmatched understanding of cloud threats.
Their team’s proficiency in CDR will be instrumental in Wiz’s efforts to reinvent Security Operations (SecOps) for the cloud era.
Cloud security presents unique challenges, including tool sprawl, silos, and visibility gaps.
Wiz’s acquisition of Gem Security is a strategic response to these issues, aiming to simplify and reduce security tools and processes.
With the integration of Gem Security’s CDR capabilities, Wiz is set to redefine the landscape of cloud security operations.
The combined strengths of the two companies will enable security organizations to establish a robust security posture and more effectively detect and respond to threats in the cloud.
The acquisition signals a new era for SecOps, as organizations seek to build securely by design in the cloud.
Wiz’s expanded portfolio will now address the full spectrum of cloud security needs, from prevention and security posture management to detection and response.
Industry Reactions
The response from customers and industry experts has been overwhelmingly positive.
The integration of CNAPP with Gem Security’s CDR expertise is seen as a natural progression for Wiz, as it continues to push the boundaries of innovation and simplify complex security challenges at speed.
As Wiz integrates Gem Security’s team and technology, the cloud security industry watches with anticipation.
This acquisition is not just about growth. It’s about shaping the future of cloud security and enabling organizations to navigate the ever-evolving threat landscape confidently.
Wiz’s journey, marked by milestones and a relentless pursuit of innovation, continues to unfold.
With the acquisition of Gem Security, Wiz is well-positioned to lead the charge in securing the cloud for organizations around the world.
AttackGen: AI-Based Incident Response Tool With MITRE ATT&CK Framework
In the ever-evolving landscape of cybersecurity, the need for advanced tools to simulate and test incident response is critical.
AttackGen, a cutting-edge incident response testing tool, has emerged as a game-changer in this domain.
Leveraging the power of large language models and the comprehensive MITRE ATT&CK framework, AttackGen offers a unique approach to preparing organizations against sophisticated cyber threats.
Developed by Matthew Adams, a security architect at Santander UK, AttackGen is designed to generate tailored incident response scenarios.
These scenarios are based on user-selected threat actor groups and are customized to an organization’s specific size and industry.
This level of personalization ensures that the scenarios are relevant and challenging, providing a realistic training environment for security teams.
The tool’s integration with the MITRE ATT&CK framework allows users to create scenarios that focus on particular segments of the cyber kill chain or specific tactics like ‘Lateral Movement’ or ‘Exfiltration’.
This feature is particularly beneficial for mature organizations with advanced threat intelligence capabilities, enabling them to test their defenses against the latest techniques used by threat actors they are monitoring.
AttackGen’s latest version, v0.2, introduces several new features, including the ability to generate custom scenarios based on ATT&CK techniques and a user feedback mechanism to gain insights into model performance over time.
The improved error handling and user interface enhance the overall user experience, making it easier for teams to navigate and utilize the tool effectively.
One of the standout features of AttackGen is its flexibility. Users can choose to use either the OpenAI API or Azure OpenAI Service to generate incident response scenarios.
This choice allows organizations to select the most suitable model for their specific use case and ensures that application descriptions and other data remain within a secure environment, which is crucial for handling sensitive information.
The tool is also integrated with LangSmith, a powerful debugging, testing, and monitoring tool for model performance.
LangSmith captures user feedback on the quality of scenarios generated, providing valuable insights into model performance and user satisfaction.
AttackGen is available as a Docker container image, simplifying deployment and running the application in a consistent and reproducible environment.
This ease of deployment is particularly useful for users who want to run AttackGen in a containerized environment or deploy the application on a cloud platform.
As cyber threats continue to grow in complexity and frequency, tools like AttackGen are essential for organizations to stay ahead of attackers.
By providing a platform for rigorous testing and scenario-based training, AttackGen helps security teams sharpen their skills and improve their incident response capabilities, ultimately strengthening their cybersecurity posture.
Kansas Court Hack: Attackers Stole Sensitive Data From Systems
The Kansas Supreme Court has released a statement on the cyber incident in which sensitive data was stolen from its systems.
The statement was issued by Chief Justice Marla Luckert and Justices Eric Rosen, Dan Biles, Caleb Stegall, Evelyn Wilson, K.J. Wall, and Melissa Standridge.
The electronic filing system in the Kansas Court was targeted in an attack, prompting an immediate disconnection of information from external systems to prevent any further damage.
The cyber incident impacted the information system used by the Kansas judicial branch. Kansas’s appellate courts and district courts throughout 104 counties are experiencing daily disruptions as a result of this attack, which has rendered the information systems of the Office of Judicial Administration temporarily unusable.
Notably, state authorities, the governor’s office, legislative leadership, and state and federal law enforcement have supported the Kansas court in this incident.
The cybercriminals also stole data and threatened to post it to a dark website if their demands were not met.
The security experts acted promptly and efficiently to identify the compromised data in a secure manner. To determine the extent of personal data that might have been stolen, a comprehensive investigation needs to be conducted.
According to the investigation, the data includes Office of Judicial Administration files, district court case records on appeal, and other data, some of which may be confidential under law.
Cyberattacks against governmental organizations are common. The government is the third most frequently targeted industry for these kinds of attacks, per the FBI’s 2022 IC3 report on Internet Crime. Democratic institutions are consistently and seriously threatened by cybercrime.
Regarding the incident, the court said, “Throughout this incident, our decisions have been guided by our foundational values. Chief among those is our dedication to upholding and abiding by the rule of law. By adhering to those values at this profoundly trying time, we seek to demonstrate that no malicious element is more powerful than the rule of law and the institutions that abide by it.”