news
BMC delivers automated detection and response for mainframe security operations
BMC, a global leader in IT
solutions for the Autonomous
Digital Enterprise, has
announced new capabilities for the BMC
AMI Security solution to automatically
protect, detect and respond to threats
on the mainframe. BMC AMI Security
shares mainframe security events with
enterprise security information and event
management systems (SIEM) in real
time, providing actionable insights for
incident responders.
Autonomous Digital Enterprises today
amass and use data from across the
enterprise, including the mainframe, for
optimal operations and a transcendent
customer experience. The mainframe
is very securable but zero-day threats,
configuration weaknesses and modern
threats like ransomware present risks to
the sensitive data that live on mainframes.
Securing the mainframe requires skills
that are in short supply. So, BMC AMI
Security comes with years of experience
with intelligence and automated security
processes built-in to defend mainframes
and surface findings that are actionable
for incident responders, making both
security and operations teams more
efficient. Enterprises are realising the
value of moving from Endpoint Detection
and Response (EDR) to Extended
Detection and Response (XDR) tools.
Data correlation and centralisation help to
surface data relevant to detection.
John McKenny, Senior Vice President
of ZSolutions Strategy and Innovation
at BMC, said: “BMC AMI Security is the
virtual, always-on security expert for the
mainframe that enterprises need. Its ability
to adapt to threats and help enterprises
include the mainframe into their XDR
strategy solves a potentially large gap
in protecting sensitive data within every
Autonomous Digital Enterprise.”
EMOTET RETURNS AFTER FIVE-MONTH HIATUS
More than 160 days
after the last observed
Emotet delivery via email,
Proofpoint researchers have
confirmed its return. More recently,
it has observed Emotet delivering
third-party payloads such as Qbot,
The Trick, IcedID and Gootkit.
Additionally, Emotet loads its
modules for spamming, credential
stealing, email harvesting and
spreading on local networks.
Proofpoint has observed nearly
a quarter of a million Emotet
messages sent on July 17, 2020,
and the number continues to climb.
The threat actor, TA542, appears
to have targeted multiple verticals
across the US and UK with English
language lures. These messages
contain malicious Microsoft
Word attachments or URLs linking to
Word documents, often pointing to
compromised WordPress hosts.
[Figure: Email lure with malicious Word doc attachment]
Similar to lures observed previously, these
are simple, with minimal customisation.
Subject lines like ‘RE:’, ‘Invoice #’
followed by a fake invoice number are
commonly seen and often include the
name of the organisation being targeted.
Sherrod DeGrippo, Senior Director,
Threat Research and Detection at
Proofpoint, said: “Emotet’s infrastructure
is test- and metric-driven and is built
to scale depending on what’s working.
Hence, it is important that security
teams continue to secure their email
channel and educate users regarding
the increased risks associated with
potentially malicious email attachments
to protect against this form of attack.”
12 Issue 28 | www.intelligentciso.com