Intelligent CISO Issue 18 | Page 10

News

Exabeam expands global availability of SaaS Cloud

Exabeam, the smarter SIEM company, has announced the expanded availability of Exabeam SaaS Cloud, a hosted version of its Exabeam Security Management Platform (SMP) to help even more organisations modernise their security operations.

Exabeam SaaS Cloud will now be available for in-region hosting in 15 additional locations in 13 countries, including Europe. This means its growing global customer base can take advantage of Exabeam SaaS Cloud while meeting compliance and policy requirements for in-region hosting.

SaaS Cloud helps identify anomalous behaviour in organisations’ cloud applications to stop adversaries in their tracks. As a hosted cloud offering, it provides the full functionality of the SMP, including a data lake, behavioural analytics, case management, security orchestration and incident response automation. This allows organisations to directly ingest data from dozens of popular cloud-based services, enabling faster deployment, while eliminating the challenges of on-premises SIEM installations – including cost and maintenance issues and the need to route cloud data to on-premises data centres.

By extending SaaS Cloud’s in-region hosting options, Exabeam is also empowering organisations to adhere to additional national data localisation and residency laws. Data in SaaS Cloud is protected using data encryption in transit and at rest, regular third-party penetration testing and SOC 2 Type II compliance, considered to be the security gold standard for SaaS companies handling sensitive customer data.

SECUREWORKS REVEALS DETAILS AND TACTICS BEHIND THE LYCEUM THREAT GROUP

The Secureworks Counter Threat Unit (CTU) has discovered that the threat group LYCEUM is targeting organisations in sectors of strategic national importance, including oil and gas and possibly telecommunications.

The previously unobserved threat group has been targeting critical infrastructure for more than 12 months, with research indicating that the group may have been active from as early as April 2018. Domain registration suggests that the group targeted South African organisations in mid-2018. However, in May this year the threat group launched a campaign against oil and gas organisations in the Middle East.

When looking into how the LYCEUM threat group initially accesses an organisation, the research team discovered this is done by using account credentials obtained via password spraying or brute-force attacks. Using compromised accounts, the threat actors send spearphishing emails with malicious Excel attachments to deliver the DanBot malware, which subsequently deploys post-intrusion tools.

LYCEUM is an emerging threat to energy organisations in the Middle East, but organisations should not assume that future targeting will be limited to this sector. Critical infrastructure organisations in particular should take note of the threat group’s tradecraft.