Intelligent CISO Issue 12 | Page 6

news PagerDuty for Security Operations unifies DevSecOps teams agerDuty, a global leader in digital operations management, has announced PagerDuty for Security Operations. P This solution for security and developer teams introduces a comprehensive set of new and existing security-focused integrations from PagerDuty’s broader partner ecosystem. Teams can leverage their security tool-chain with PagerDuty’s extensive best practices for security incident response and for sharing security accountability. With PagerDuty for Security Operations, development and operations engineers can now bring security professionals onto a common platform to reduce risk, enabling them to resolve security alerts faster. To better support the security requirements of its customers, PagerDuty for Security Operations features more than 25 new and existing integrations, across a robust security ecosystem, including: • Security information and event management (SIEM) (Sumo Logic, LogRhythm, Logz.io, AlienVault an AT&T Company) • Security orchestration, automation and response (SOAR) (Demisto, Swimlane, Cybersponse, DFLabs) • Threat intelligence, cloud and application security (Twistlock, Threat Stack, Aqua Security, Templarbit, Signal Sciences) • Endpoint and network security, vulnerability management (Expel, Nucleus) • Cloud compliance (CloudGuard Dome9 from Check Point) 6 FIREEYE REPORT FINDS ORGANISATIONS ARE IDENTIFYING ATTACKER ACTIVITY FASTER ireEye, the intelligence- led security company, has released the Mandiant M-Trends 2019 report. The report shares statistics and insights gleaned from Mandiant investigations around the globe in 2018. F Key findings include: • Dwell time decreasing as organisations improve detection capabilities – In 2017, the median duration between the start of an intrusion and the identification by an internal team was 57.5 days. In 2018 this duration decreased to 50.5 days. • Nation-state threat actors are continuing to evolve and change – Through ongoing tracking of threat actors from North Korea, Russia, China, Iran and other countries, FireEye has observed these actors continually enhancing their capabilities and changing their targets in alignment with their political and economic agendas. • Attackers are becoming increasingly persistent – FireEye data provides evidence that organisations which have been victims of a targeted compromise are likely to be targeted again. Global data from 2018 found that 64% of all FireEye managed detection and response customers who were previously Mandiant incident response clients were targeted again in the past 19 months by the same or similarly motivated attack group, up from 56% in 2017. • Many attack vectors used to get to targets, including M&A activity – Attacker activity touches countries across the globe. Among them, FireEye observed an increase in compromises through phishing attacks during mergers and acquisitions (M&A) activity. Visit fireeye.com/current-threats/annual- threat-report/mtrends.html. to download the full report. Issue 12 | www.intelligentciso.com