news
Exabeam expands global availability of SaaS Cloud

Exabeam, the smarter SIEM company, has announced the expanded availability of Exabeam SaaS Cloud, a hosted version of its Exabeam Security Management Platform (SMP) to help even more organisations modernise their security operations.

Exabeam SaaS Cloud will now be available for in-region hosting in 15 additional locations in 13 countries, including Europe. This means its growing global customer base can take advantage of Exabeam SaaS Cloud while meeting compliance and policy requirements for in-region hosting.

SaaS Cloud helps identify anomalous behaviour in organisations’ cloud applications to stop adversaries in their tracks. As a hosted cloud offering, it provides the full functionality of the SMP, including a data lake, behavioural analytics, case management, security orchestration and incident response automation.

This allows organisations to directly ingest data from dozens of popular cloud-based services, enabling faster deployment, while eliminating the challenges of on-premises SIEM installations – including cost and maintenance issues and the need to route cloud data to on-premises data centres.

By extending SaaS Cloud’s in-region hosting options, Exabeam is also empowering organisations to adhere to additional national data localisation and residency laws.

Data in SaaS Cloud is protected using data encryption in transit and at rest, regular third-party penetration testing and SOC 2 Type II compliance, considered to be the security gold standard for SaaS companies handling sensitive customer data.
SECUREWORKS REVEALS DETAILS AND TACTICS BEHIND THE LYCEUM THREAT GROUP

The Secureworks Counter Threat Unit (CTU) has discovered that the threat group LYCEUM is targeting organisations in sectors of strategic national importance, including oil and gas and possibly telecommunications.

The previously unobserved threat group has been targeting critical infrastructure for more than 12 months, with research indicating that the group may have been active from as early as April 2018.

Domain registration suggests that the group targeted South African organisations in mid-2018. However, in May this year the threat group launched a campaign against oil and gas organisations in the Middle East.

When looking into how the LYCEUM threat group initially accesses an organisation, the research team discovered this is done by using account credentials obtained via password spraying or brute-force attacks. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.

LYCEUM is an emerging threat to energy organisations in the Middle East, but organisations should not assume that future targeting will be limited to this sector. Critical infrastructure organisations in particular should take note of the threat group’s tradecraft.

Issue 18 | www.intelligentciso.com