Identify, anticipate and respond to any possible computer threat. This is in 2023 one of the great priorities that the ICT departments of companies have. This, in a context in which threats are increasingly sophisticated, varied and persistent, in turn requires a rapid and coordinated response by organizations.

Adding to this situation is the fact that many companies face a lack of resources, tools and visibility to detect and respond to incidents effectively. To respond to these challenges, in recent years the use of the XDR technology (eXtended Detection and Response) which, according to Gartner, is a vendor-specific threat detection and incident response tool that unifies multiple security products (including a minimum of three) into one security operations system. Thanks to this integration of different data sources and security products, company security managers can have a holistic view of their ICT infrastructure, correlate alerts and automate corrective actions.

In this area, WatchGuard has just announced the launch of ThreatSync, a complete XDR solutionwhich is included as part of the company’s Unified Security Platform® architecture and extends this technology to product families WatchGuard Network and Endpoint Security.

As explained by the company, WatchGuard ThreatSync equips organizations with XDR capabilities to centralize detections between products and orchestrate automated response to threats from a single control panel. This enables cybersecurity to be simplified while improving visibility and response to threats across the organization faster, reducing risk and cost, and delivering greater accuracy.

On the other hand, for MSPs and partners, XDR reduces the staffing burden by enabling teams to share knowledge from a single security platform. At the same time, XDR increases protection and improves results by combining different security layers. In three steps, Watchguard offers:

• Unified Threat Visibility: ThreatSync increases accuracy and speeds detection by automatically unifying threat data from across the entire WatchGuard security stack into a single interface, with a UX geared toward incident responders.
• Unified threat detection: ThreatSync provides extended detection capabilities by correlating data from different layers of protection in the security stack that indicate the presence of threat actors.
• Unified Threat Response Orchestration: When security experts and IT administrators have the information they need, it’s easy to respond quickly, even if the device isn’t physically available.

Finally, it’s worth noting that ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard EDR and EPDR products. The more WatchGuard products you have, the more visibility and expanded XDR features you have access to.

To learn more about what’s new from WatchGuard and its strategy to help companies have more visibility on all kinds of threats, we recommend that you don’t miss the participation of Guillermo Fernández (Iberia Sales Engineer Manager of WatchGuard) on March 22. at the round table “New challenges in security of the hybrid workplace” to be held within the framework of the ASLAN fair at the Palacio de Congreso in Madrid. In addition, that same day, you can also attend a presentation by Juan Manuel Castaño (Sales Engineer for the South of Iberia at WatchGuard): “XDR: new term for a well-known concept.” Also, you can visit the booth 44 of the company at the event.

Devoa cloud-native data analytics and security company, has presented its latest study on the presence of the artificial intelligence in the internal security systems of companies. Thus, 96% of those surveyed have expressed their discontent, which leads them to resort to unauthorized tools in 80% of the cases analyzed.

When they hire a team of cybersecurity experts, companies seek to establish a clearly defined line of work and get rid of all kinds of concerns. However, if they see that the members of the Security Operations Center (SOC) make decisions freely and venture to freely acquire unauthorized AI tools, they often take restrictive measures in this regard.

In the survey, in which he also collaborates Wakefield Research, it is concluded that 96% consider that they know at least one colleague who is dissatisfied with cybersecurity systems. Nevertheless, three out of four (78% of the total) estimate that their company would put an end to such unauthorized AI tools and could even lead to irreversible dismissal.

Regarding the consequences of using unauthorized AIs41% say that their organization could ask them to stop using it immediately, but that it would be evaluated in the future, while 19% believe that no action would be taken in this regard.

Why the discontent of the experts?

Fundamentally, and as previously mentioned, to the dissatisfaction with the levels of automation applied in security for de side of the company. But if the matter is investigated further, we will find causes technological typesuch as the poor scalability and flexibility of the available solutions (in 42%), and economic type, due to its high implementation and maintenance costs (in 39%). To this is added an internal problem, since 34% speak Lack of internal knowledge and resources by the workers themselves.

The critical internal situation experienced by the companies’ SOC would be resolved by listening to the needs and improvement options proposed by the experts. 33% are dissatisfied with the levels of adoption of security automation, while 28% consider their companies inflexible when it comes to giving them autonomy to select the best tools they can use.

Unauthorized AI applications

The presence of rogue AI tools leads enterprise security experts to use them to implement the services they already offered. In this way, 47% of those surveyed ensure that they allow a better interface46% apply more advanced capabilities or specialized and 44% a more efficient work.

That being said, with the increase in automation, the vast majority would help fill staff shortages performing: incident analysis, application landscape analysis and data sources, and threat detection and response. Respondents also talk about the importance of AI in SOC automation related to protecting against cyber threats and easing staff training.

Without a doubt, AI is a complement to other automated security Technologysas SOAR (used in 53% of cases), Cloud SIEM solutions (in 52%) and AIOps (in 51% of cases) in their security operations center. They have also been complemented with machine learning analysis (in 48% of cases) and automation in threat detection and response in 45%.

Economic impact

Another factor that drives enterprise security experts to apply rogue AI solutions in the SOC is the positive impact it has on the company. In fact, two out of three respondents (65%) say that will have financial gainswhich will materialize in the increase in income (by 39%) and in the reduction of hiring or training costs (by 37%).

It’s an unstoppable trend, and if enterprise security experts are left free to work, rogue AI will end up occupying a priority role in the SOC, improving profitability and the future in the short-medium term.

After the announcement of the bankruptcy of Silicon Valley Bank (SVB) on March 10 and the absolute control of its administration by the California bank supervisory body, the alarms have not stopped going off. Some for fear of other financial entities to be in a similar situation, because it is the second largest US bank failure since 1970and others because hackers used this situation to attack.

In the prestigious list of ‘Forbes’ magazine on February 14, the 50 best banks in the US were published, with Silicon Valley Bank occupying the rank number 20. It must be taken into account that there are 4,213 banks in the country, which gave it a preferential position.

But the problems worsened for the financial entity, and taking advantage of the fears of insecurity that the crisis has aroused in one of the largest US lenders, hackers have begun to attack cryptocurrency-related phishing attacksspecifically with the USD Coin (USDC)a price-stable digital currency pegged to the USD.

The keys to cyberattack

Following this, proof point has determined, through a rigorous study, that the bankruptcy of SVB goes hand in hand with a unprecedented phishing attack. Scammers have sent messages posing as brands in the crypto world to claim their coins or exchange them for US dollars. These actions began after Circlethe company behind the USDC cryptocurrency, announced that it had cash reserves in SVB.

Now the hackers started using a lure that promised the victim to exchange their USDC for dollars. at a ratio of 1:1 and then induce the victim to install a Smart Contract to transfer the contents of your wallet to the attacker.

Undoubtedly, cybercriminals have taken advantage of the emotions and fear that exists among users to exploit vulnerabilities. For this reason, Proofpoint urges those who handle information or financial transactions to be cautious in the face of any suspicious messages they receive.

The keys to bankruptcy

After the great financial crisis of 2008, that of Silicon Valley Bank may end up affecting thousands of citizens and companies. In fact, the Federal Reserve, the Treasury Department and the US regulatory body have announced that they will intervene so that the bank can guarantee the payment of all your deposits and that the problem spread to the entire financial fabric.

For now, the ‘domino effect’ has ended up hurting other banks such as SignatureBank of New York and the Silvergate Bank, two companies characterized by granting loans to cryptocurrency companies. To this we must add that the bankruptcy of the SVB has caused the bank of england has sold the UK subsidiary to HSBC bank in exchange for a pound sterling.

The problem of the SVB comes from the fact that the entity has always been characterized by financing emerging companies in the technological field, it was a start-up bank. The loan-to-deposit ratio was very low and all the excess was invested in Treasury bonds and government debt at a time when interest rates were very low and the value of the bond was very high.

However, the rise in interest rates, the fear of a recession and the slowdown in the market have made it difficult for the financial institution to operate. announced the sale of 21,000 million dollars in securities, with a loss of 1,800 million and a plan to raise 2,250 million in capital. His idea was sell 1.250 million dollars in ordinary shares and others 500 million in preferred shares, in turn sealing an agreement with the fund General Atlantic and sell another $500 million in common stock. By withdrawing their funds, start-up owners its shares fell on the stock market by 60%.

On March 10, the Federal Deposit Guarantee Corporation (FDIC) took control of all SVB deposits, covering them up to $250,000, as required by law. The problem is that the funds in the SVB are larger, since they belong to large technological start-ups and 95% of these were uninsured.

The FDIC will pay uninsured depositors an early dividend with a certificate of judicial administration that collects the remaining amount, resorting to a systematic risk exception.