Every functioning security team has an incident response plan. Advance strategizing and preparation are absolutely imperative to ensure a quick response to data breaches, ransomware, and numerous other challenges, but most companies first developed that plan years, if not decades, ago and now only revisit it periodically. This is a problem. How many organizations have developed a separate incident response plan to address the unique risks of the software-as-a-service (SaaS) era? Far too few.

Naming themselves Night Sky, a new ransomware family was spotted on the first day of 2022, by the MalwareHunterTeam. They appear to work in the RaaS (Ransomware-as-a-Service) model, similar to other ransomware groups like REvil, LockBit, and Hive, publishing stolen data exfiltrated throughout the attack in a deep web site if the ransom is not paid by the victim. Currently, there are two companies listed on their deep web site, where the group has published the victim’s allegedly stolen data.

In recent blogs, we’ve explored the role of Security Service Edge (SSE) technologies as part of a SASE architecture, and the key differences between SSE and SASE. But so far, we’ve focused more on overall functionality than on its realization and what SSE means from a cloud design and implementation perspective. In this post, we shift gears to put a spotlight on networking and infrastructure as it relates to security clouds.

President Biden’s Executive Order 14028 to improve the nation’s cybersecurity and protect federal government networks, was released more than half a year ago. At the time, one of the most exciting aspects about it was the multiple uses of the term “zero trust,” as Netskope discussed in a blog at the time. However, it’s clear that federal agencies are still working out the specifics of how to actually approach implementing zero trust.

In the first half of 2021, average ransomware demands surged by 518%, while payments climbed by 82%. There has been a growing number of attacks in healthcare, with 560 healthcare facilities hit by ransomware last year in the U.S. alone. As new attacks generate headlines each week, we get real-world use cases for how ransomware proliferates in diverse ways, including social engineering attacks and exploitation of vulnerabilities.

A new vulnerability was discovered in the Apache Log4j library. Tracked as CVE-2021-44832, this bug may allow arbitrary code execution in compromised systems when the attacker has permissions to modify the logging configuration file. CVE-2021-44832 has received a CVSS score of 6.6 out of 10, and it affects all versions of Log4j from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4. This is the fourth Log4j vulnerability addressed by Apache in December 2021.

The following is the second part of a two-part series describing several critical use cases where Advanced Analytics can help teams make the right decisions to strengthen their overall posture and effectively manage risk.

As technology continues to change rapidly, and so do the tactics cybercriminals use. Responding to these changes requires adapting your security operations center (SOC), or eventually, you may encounter a security incident. Security is a journey, not a destination. You don’t just become secure and move on to another project. Instead, you continuously observe, adapt, and improve.

Co-authored by Zhi Xu and Matt Allen We are proud to share that Netskope Threat Protection has received the 2021 On-Demand Malware Detection certification from prestigious SE Labs for a third consecutive year. Specifically, Netskope performed 100% threat detection on both known malware samples and unknown malware samples during tests conducted in December 2021, with a 0% false-positive rate.

Risk management doesn’t belong to one person or department at an organization. It’s a shared effort—partly because it touches on multiple roles at a company and partly because it is a massive and complex undertaking. Successful CISO’s use risk management visualization and reporting to provide a clear and easy way to understand the value of their security program.