Analytics and Correlation of Detected Threats Across Endpoints and Networks in Hybrid Environments Improves Security Efficacy Against Cyberattacks
Bitdefender unveiled the next evolution of Endpoint Detection and Response solutions – eXtended EDR (XEDR) with the addition of analytics and cross-endpoint security event correlation to Bitdefender Endpoint Detection and Response (EDR) and GravityZone Ultra, the company’s unified endpoint prevention, detection, and response and risk analytics platform. These new capabilities increase security efficacy for identifying and stopping the spread of ransomware attacks, advanced persistent threats (APTs), and other sophisticated attacks before they impact business operations.
With integrated detection and response across operating systems (Windows, Linux, Mac) and hybrid environments (public and private cloud, on-premises), Bitdefender delivers a comprehensive, real-time view for security operations, greatly improving the ability for organizations of all sizes, even those without full-time security analysts, to detect covert attacks that would go unnoticed by analysis and detection on individual endpoints in isolation.
Sophisticated attacks designed to evade security technology detection often mimic ‘normal’ processes or execute in multiple stages through multiple vectors including endpoints, networks, supply chains, hosted IT and cloud services. Bitdefender XEDR thwarts complex attacks by ingesting, examining, and correlating telemetry across endpoints to detect indicators of compromise (IOCs), APT techniques, malware signatures, vulnerabilities, and abnormal behaviors. This advanced monitoring automates early detection of attack scenarios, providing security and IT staff with a single dashboard view wherever the attack started.
The new XEDR capabilities also enhance Bitdefender managed detection and response (MDR) by providing greater visibility and incident context during investigations to accelerate threat validation, response actions, and remediation.
“Organizations of all sizes across all industries are in the crosshairs of APTs and skilled cybercriminal groups,” said Steve Kelley, president and general manager of Bitdefender Business Solutions Group. “Each application, email, unpatched vulnerability, partner relationship or third-party service represents a potential entry point to a catastrophic security incident. As adversaries evolve techniques to bypass defenses and move through environments undetected, event correlation beyond the boundaries of a single endpoint is crucial for cyber resilience. Bitdefender XEDR provides cross-endpoint correlation to detect and eliminate threats faster at each stage of an attack from early reconnaissance to the final payload.”
In a recent report, Forrester analyst Allie Mellen writes that “XDR providers will be limited or enabled by the EDR on which they are based. Choose your XDR based on an EDR with high efficacy detections, strong third-party partnerships or extended native capabilities, and automated response recommendations.”
XEDR builds upon the company’s industry-leading EDR solutions and advanced threat intelligence powered by the Bitdefender Global Protective Network (GPN), an extensive array of hundreds of millions of sensors continuously collecting endpoint threat data worldwide. In independent evaluations, Bitdefender consistently scores highest in detecting APT tactics and techniques. In the most recent MITRE ATT&CK test, Bitdefender achieved the highest number of detections of the 29 participating cybersecurity vendors.
XEDR with cross-endpoint event correlation is available now and comes standard with Bitdefender EDR.
What is the Tenant Migration Bundle?
The Tenant Migration Bundle is a promotional per-user bundle for all people and data in your cross-tenant migration project. Much like our User Migration Bundle, which covers multiple workloads for a single user in a project, the Tenant Migration Bundle covers data stored in Exchange, OneDrive, SharePoint, and Teams – the most commonly used applications in this cloud office suite.
Rather than buy separate licenses for each workload – or use different tools entirely – we’re giving customers the power to move all components of a tenant with a single license. No professional services, additional fees, or special certifications are required.
The TMB comprises two components:
- User Migration Bundle: our most popular SKU, covering mailboxes, documents, and personal archives, and enabling the use of DeploymentPro, our automated Outlook configuration tool, to flip profiles post-migration.
- Flex Collaboration License: a new license from BitTitan that enables you to move Teams or SharePoint data.
The User Migration Bundles can be applied as they always have to cover mailbox and OneDrive data with no data limit. The new Flex Collaboration license can be applied to either a Teams migration or a SharePoint document library, carrying a 100 GB data limit per license.
Why buy the Tenant Migration Bundle?
It comes down to simplicity. In most scenarios, the Tenant Migration Bundle will have everything a user needs to migrate from A to B. Just like the tool itself, we want to make it easy to move between tenants. Providing a single license for all workloads in the project – and a tool that can support it all – is the best way to lower the training curve, cost, and complexity of these sorts of projects.
This is a new license type, so don’t hesitate to get in touch with our sales team to help scope your next project at email@example.com.
Azure Firewall Premium provides next-generation firewall (NGFW) capabilities that are required for highly sensitive and regulated environments.
With the new Azure Firewall Premium, the following new capabilities are now available:
- TLS Inspection: Azure Firewall Premium terminates outbound and east-west TLS connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway, allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic before sending it to the original destination.
- IDPS: Azure Firewall Premium provides a signature-based intrusion detection and prevention system (IDPS) that allows rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.
- Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard, based on FQDNs only.
- URL Filtering: Allows users to access specific URLs for both plain-text and encrypted traffic; typically used in conjunction with Web Categories.
Azure Firewall Premium uses Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager. Starting with this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, Web Categories, and more. Firewall Rules (Classic) continue to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall Manager. A firewall policy associated with a single firewall has no charge.
For more information, see the Azure Firewall Premium documentation.
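As an added example (not from the announcement or the Azure documentation), the following Az PowerShell script assembles one Premium Firewall Policy that exercises the four features just listed. Resource names, the 10.0.0.0/16 client range, the Key Vault secret URL and the update host are placeholders, and the cmdlet parameters assume a recent Az.Network module that supports the Premium SKU.

```powershell
# Added example: Premium Firewall Policy with TLS Inspection, IDPS,
# Web Categories and URL Filtering. Names and addresses are placeholders.
$rg       = 'rg-fw-example'      # placeholder resource group
$location = 'westeurope'         # placeholder region
$caSecret = 'https://kv-example.vault.azure.net/secrets/fw-ca-cert/<version>'  # placeholder

# IDPS: begin in Alert to baseline signature hits, move to Deny once tuned.
$idps = New-AzFirewallPolicyIntrusionDetection -Mode 'Alert'

# Premium SKU policy. TLS Inspection needs an intermediate CA certificate in
# Key Vault; the firewall's managed identity must be allowed to read the secret.
$policy = New-AzFirewallPolicy -Name 'afwp-premium-example' -ResourceGroupName $rg -Location $location `
    -SkuTier 'Premium' -ThreatIntelMode 'Deny' -IntrusionDetection $idps `
    -TransportSecurityName 'fw-ca-cert' -TransportSecurityKeyVaultSecretId $caSecret

# Web Categories: block gambling for the whole client range. -TerminateTLS lets the
# category lookup see the full URL instead of only the FQDN from the SNI.
$denyGambling = New-AzFirewallPolicyApplicationRule -Name 'deny-gambling' `
    -SourceAddress '10.0.0.0/16' -Protocol 'https:443' -WebCategory 'Gambling' -TerminateTLS

# URL Filtering: allow only one path on a vendor host, inspected end to end.
$allowUpdates = New-AzFirewallPolicyApplicationRule -Name 'allow-update-path' `
    -SourceAddress '10.0.0.0/16' -Protocol 'https:443' `
    -TargetUrl 'updates.example.com/stable/*' -TerminateTLS

# Lower priority is evaluated first, so the deny collection runs before the allow.
$denyColl  = New-AzFirewallPolicyFilterRuleCollection -Name 'rc-deny-categories' -Priority 100 `
    -Rule $denyGambling -ActionType 'Deny'
$allowColl = New-AzFirewallPolicyFilterRuleCollection -Name 'rc-allow-urls' -Priority 200 `
    -Rule $allowUpdates -ActionType 'Allow'

New-AzFirewallPolicyRuleCollectionGroup -Name 'rcg-web' -Priority 300 `
    -RuleCollection $denyColl, $allowColl -FirewallPolicyObject $policy
```

Attach the resulting policy to a Premium-SKU firewall; a Standard-SKU firewall will accept neither the TLS nor the IDPS settings.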
Healthcare provider opts for 24×7 security monitoring service and protection at 40 percent less cost than hiring additional staff
As cybersecurity threats continue to proliferate, internal security operations departments at organizations worldwide must devote significant resources to managing and analyzing an unrelenting flow of alerts and notifications. To address this challenge, Magrabi Hospitals and Centers, a major healthcare provider in Saudi Arabia, considered hiring additional security operations employees to provide 24×7 monitoring.
Instead, Magrabi determined that outsourcing to a managed endpoint detection and response service would provide more comprehensive protection at a lower cost. Magrabi evaluated managed detection and response service offerings from Crowdstrike and Bitdefender and selected Bitdefender Managed Detection and Response (MDR) Service.
Mostafa Mabrouk, Corporate Information Security Manager, Magrabi Hospitals and Centers, explains, “We chose Bitdefender MDR because it would provide us with comprehensive endpoint control, detection, forensics, reporting, and protection. Viewing all the security components from a single console—from malware removal to sandboxing to quarantine to logs and more—was valuable to us. We also were impressed with the in-depth expertise and knowledge of the security analysts staffing Bitdefender MDR.”
Bitdefender MDR provides Magrabi with outsourced cybersecurity operations 24 hours a day. The MDR Service incorporates industry-leading Bitdefender security technologies to provide comprehensive protection for endpoints, network and security analytics, and threat-hunting expertise from a Bitdefender security operations center fully staffed by highly experienced security analysts.
The MDR Service, which incorporates Bitdefender GravityZone Ultra, provides Magrabi with endpoint protection, detection, and response (EDR) capabilities across nearly 3,000 endpoints. Magrabi’s endpoints protected by MDR Service include Windows workstations; physical and virtual servers running VMware ESXi, Citrix XenServer, and XenApp; Citrix XenDesktop virtual desktops; Microsoft Directory servers; and Microsoft Exchange mailboxes.
Magrabi’s MDR Service also includes Endpoint Risk Analytics to assess, prioritize, and address risk coming from endpoint misconfigurations and vulnerabilities. In addition, the MDR Service analyzes suspicious files, detonates payloads, reports malicious intent to administrators, and provides tunable machine learning, advanced heuristics, and anti-exploit techniques. Additional MDR Service modules selected by Magrabi include GravityZone Patch Management to automate patching of vulnerable applications and operating system components.
Magrabi places high value on the 24×7 monitoring, analysis, and remediation provided by the Bitdefender MDR solution. “The clinical staff at Magrabi provides patient care services that demand uninterrupted access to medical devices, IT systems, and data,” says Mabrouk. “The soul of Bitdefender MDR is the 24×7 monitoring of our infrastructure to support this vital mission.
We have access to real-time notifications of suspicious activity and the support of Bitdefender’s security experts to investigate and resolve any issues. The performance and protection provided by Bitdefender MDR has been perfect. We sleep better knowing Bitdefender will take action and stop an attack at any time day or night.”
Improved efficiency and productivity have been additional outcomes of Bitdefender MDR, according to Mabrouk: “Bitdefender has removed the headache and burden from our staff. We have saved 15 hours a week, giving staff more time to focus on security analysis and other IT areas that benefit our clinical and business operations. We calculated our operational costs were 40 percent less by going with Bitdefender MDR compared to hiring an additional three employees to achieve around-the-clock monitoring.”
Mabrouk continues, “With the GravityZone cloud console, it’s easy for us to check our risk score, activity, and history of any incidents. We also like that we can deploy agents throughout the cloud rather than directly on the servers. This contributes to high endpoint performance even during scans.”
Magrabi also depends on GravityZone Patch Management to automatically deploy security patches to servers in the Magrabi infrastructure.
The quality of the Bitdefender MDR experts also has been important, says Mabrouk: “The Bitdefender MDR team has been responsive, knowledgeable, and successful at protecting our valuable data. Our number one priority is providing top patient care and Bitdefender has been successful in supporting that at every turn.”
Spyware can be a user’s nemesis. Once a user’s device is infected, spyware can collect a variety of personal and sensitive information, depending on the type of spyware. Here is what you need to know about spyware and how to detect it.
Spyware is a type of malware that infects a user’s computer and spies on the system by continuously monitoring it, including keystroke activity, the user’s web browsing habits, screenshots, and email activity. Spyware can also turn on the user’s webcam and watch what they are doing in real life.
If not stopped, spyware can infect the user’s computer with other types of malware or otherwise damage the computer. It will also send the sensitive information it collects to another party, who can use it to harm the user, for example by selling it to a third party or using it for identity theft.
Different types of spyware
There are a handful of spyware types, which can have similar tactics when attacking a user’s computer or network and are not mutually exclusive. Here are the most nefarious spyware types.
System monitors. This type of spyware is also known as a keylogger because it records a user’s computer activities – keystrokes, visited websites, search history, email activity, chat and messaging communications, and system credentials such as logins and passwords.
Trojans. There are many types of Trojans, and spyware can be one of them. Named after the ancient Greek story of the Trojan Horse, a Trojan is a type of standalone malware that may pretend to offer some useful functionality while dropping a malicious payload in the background. These payloads include delivering ransomware and other malware onto the computer, deleting files, allowing unauthorized access to personal information, stealing credentials, modifying online transactions, and more. Banking Trojans acquire the user’s credentials when logging into financial or banking portals.
Browser password stealers and infostealers. This type of spyware harvests passwords, login credentials, and other sensitive or profitable information from wherever the user stores them, such as browser password stores.
How does a user get spyware?
A user’s machine can be infected with spyware in much the same way as other types of malware. Spyware can exploit browser security vulnerabilities through a seemingly innocent but infected ad, or infect a device when the user unknowingly clicks on an infected email link (phishing), visits a malicious website, or downloads software from an untrustworthy site. You can also get infected by clicking on links in unusual social media or text messages.
How to detect spyware?
Many times, spyware will cause unexpected problems with your computer, such as:
- Applications hanging (spinning) on start-up or shutdown and/or slow system response
- A sudden increase in banner ads and pop-ups
- Faster-than-normal depletion of the computer battery
- Problems logging onto secure sites
- New applications and tools that the user did not install
There are several ways to detect spyware:
Startup tab in Task Manager. For Windows PCs, check for suspicious software in the Startup tab in Task Manager. If anything looks suspicious, the user should temporarily terminate the process and research what the program is. If it is malicious, the user should immediately delete it.
For Mac computers, click “Finder” and select “Applications” from the sidebar. Again, review the list of applications and if anything looks suspicious, do your research, and delete the app if it is malicious.
Temp files. The user can also check for spyware in their TEMP folder. In fact, you can delete anything in the temp folder just to be safe, because its contents are, after all, temporary files.
Install anti-malware software. The best way to detect – and stop spyware – is by installing an anti-malware solution and scanning the computer. Solutions from reputable vendors will identify and delete the spyware from the system.
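As an added example for the Windows steps above (not from the article), this PowerShell script lists the same entries Task Manager’s Startup tab shows, plus the per-user and machine Run keys, and flags the ones worth researching: binaries that are not validly signed, or that live in TEMP or other user-writable profile folders. The function names are this example’s own.

```powershell
# Added example: audit Windows startup entries for spyware-style persistence.
# Flags unsigned binaries and binaries launched from TEMP / profile folders,
# the places the article tells users to inspect and clean.

# Pull the executable path out of a command line such as
#   "C:\Program Files\App\app.exe" --minimized   or   C:\tool\run.exe /q
function Resolve-StartupExecutable([string]$command) {
    if (-not $command) { return $null }
    $command = [Environment]::ExpandEnvironmentVariables($command.Trim())
    if ($command -match '^"([^"]+)"')  { return $Matches[1] }   # quoted path
    if ($command -match '^(\S+\.exe)') { return $Matches[1] }   # bare path ending in .exe
    return ($command -split '\s+')[0]                           # first token as a fallback
}

function Get-StartupAudit {
    # User-writable roots where a dropped payload usually lands.
    $suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, $env:PUBLIC) | Where-Object { $_ }

    # Same source Task Manager's Startup tab draws from (Startup folders + Run keys).
    $entries = @(Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User)

    # Read the Run keys directly as well, in case an entry is hidden from the CIM view.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -match '^PS') { continue }      # skip PowerShell provider metadata
            $entries += [pscustomobject]@{ Name = $p.Name; Command = $p.Value; Location = $key; User = $null }
        }
    }

    foreach ($e in $entries) {
        $exe = Resolve-StartupExecutable $e.Command
        $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status     # Valid, NotSigned, HashMismatch, ...
        } else { 'NotFound' }
        $inUserDir = $false
        foreach ($r in $suspectRoots) { if ($exe -and $exe -like "$r*") { $inUserDir = $true } }
        [pscustomobject]@{
            Name = $e.Name; Path = $exe; Location = $e.Location
            Signature = $sig; InUserWritableDir = $inUserDir
            Suspicious = ($sig -ne 'Valid') -or $inUserDir
        }
    }
}

Get-StartupAudit | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A "Suspicious" result is a lead, not a verdict: legitimate tools are sometimes unsigned, so research the entry before removing it, as the article advises.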
Can you get spyware on your mobile phone?
Yes. Both iPhones and Android phones can be victims of spyware. On a mobile device, spyware runs undetected, monitoring and recording a user’s actions without them knowing. It can spy on call logs, contact lists, the photos a user has taken on their phone, a user’s location, even record anything heard on a device’s microphone and take pictures.
Acronis detects and stops spyware
Acronis offers comprehensive cyber protection solutions that detect and stop spyware. If you are a business and looking for the right antivirus software, Acronis Cyber Protect keeps your remote workers’ devices secure in the post-pandemic reality. The solution provides a unique integration of data protection and next-generation cybersecurity capabilities, delivering improved security and lowering costs. Whether your business is large or small, Acronis Cyber Protect automates and streamlines system and data protection to mitigate risk and avoid downtime.
If you are a managed service provider (MSP), you can protect your clients’ systems with Acronis Cyber Protect Cloud, a solution that enables you to deliver cyber protection in an easy, efficient, and secure way. With a single platform, your customers can achieve the ultimate in data protection with hybrid cloud backup, disaster recovery, and protection from ransomware and spyware. Acronis Cyber Protect Cloud protects endpoints – including remote devices – systems, and data. It also includes AI-based behavioral detection that stops zero-day attacks, performs URL filtering and vulnerability assessments, and provides videoconference protection and automated patch management. With the power of Acronis Cyber Protect Cloud, you can detect and stop cyberattacks of any nature and ensure your clients can recover their data and systems in the shortest time possible.
Forrester’s analysis of five current Microsoft customers found that Dynamics 365 Business Central enabled these organizations to bolster operational efficiency, avoid costs, and comfortably scale their deployments with growth while benefiting from the flexibility inherent in the cloud. An analysis based on a $15-million, 250-employee composite organization modeled after the five interviewees demonstrates benefits of $466K over three years versus costs of $178K, adding up to a net present value (NPV) of $288K and an ROI of 162%.
Read the full study