Identify, anticipate and respond to any possible computer threat. This is in 2023 one of the great priorities that the ICT departments of companies have. This, in a context in which threats are increasingly sophisticated, varied and persistent, in turn requires a rapid and coordinated response by organizations.

Adding to this situation is the fact that many companies face a lack of resources, tools and visibility to detect and respond to incidents effectively. To respond to these challenges, in recent years the use of the XDR technology (eXtended Detection and Response) which, according to Gartner, is a vendor-specific threat detection and incident response tool that unifies multiple security products (including a minimum of three) into one security operations system. Thanks to this integration of different data sources and security products, company security managers can have a holistic view of their ICT infrastructure, correlate alerts and automate corrective actions.

In this area, WatchGuard has just announced the launch of ThreatSync, a complete XDR solutionwhich is included as part of the company’s Unified Security Platform® architecture and extends this technology to product families WatchGuard Network and Endpoint Security.

As explained by the company, WatchGuard ThreatSync equips organizations with XDR capabilities to centralize detections between products and orchestrate automated response to threats from a single control panel. This enables cybersecurity to be simplified while improving visibility and response to threats across the organization faster, reducing risk and cost, and delivering greater accuracy.

On the other hand, for MSPs and partners, XDR reduces the staffing burden by enabling teams to share knowledge from a single security platform. At the same time, XDR increases protection and improves results by combining different security layers. In three steps, Watchguard offers:

• Unified Threat Visibility: ThreatSync increases accuracy and speeds detection by automatically unifying threat data from across the entire WatchGuard security stack into a single interface, with a UX geared toward incident responders.
• Unified threat detection: ThreatSync provides extended detection capabilities by correlating data from different layers of protection in the security stack that indicate the presence of threat actors.
• Unified Threat Response Orchestration: When security experts and IT administrators have the information they need, it’s easy to respond quickly, even if the device isn’t physically available.

Finally, it’s worth noting that ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard EDR and EPDR products. The more WatchGuard products you have, the more visibility and expanded XDR features you have access to.

To learn more about what’s new from WatchGuard and its strategy to help companies have more visibility on all kinds of threats, we recommend that you don’t miss the participation of Guillermo Fernández (Iberia Sales Engineer Manager of WatchGuard) on March 22. at the round table “New challenges in security of the hybrid workplace” to be held within the framework of the ASLAN fair at the Palacio de Congreso in Madrid. In addition, that same day, you can also attend a presentation by Juan Manuel Castaño (Sales Engineer for the South of Iberia at WatchGuard): “XDR: new term for a well-known concept.” Also, you can visit the booth 44 of the company at the event.

Devoa cloud-native data analytics and security company, has presented its latest study on the presence of the artificial intelligence in the internal security systems of companies. Thus, 96% of those surveyed have expressed their discontent, which leads them to resort to unauthorized tools in 80% of the cases analyzed.

When they hire a team of cybersecurity experts, companies seek to establish a clearly defined line of work and get rid of all kinds of concerns. However, if they see that the members of the Security Operations Center (SOC) make decisions freely and venture to freely acquire unauthorized AI tools, they often take restrictive measures in this regard.

In the survey, in which he also collaborates Wakefield Research, it is concluded that 96% consider that they know at least one colleague who is dissatisfied with cybersecurity systems. Nevertheless, three out of four (78% of the total) estimate that their company would put an end to such unauthorized AI tools and could even lead to irreversible dismissal.

Regarding the consequences of using unauthorized AIs41% say that their organization could ask them to stop using it immediately, but that it would be evaluated in the future, while 19% believe that no action would be taken in this regard.

Why the discontent of the experts?

Fundamentally, and as previously mentioned, to the dissatisfaction with the levels of automation applied in security for de side of the company. But if the matter is investigated further, we will find causes technological typesuch as the poor scalability and flexibility of the available solutions (in 42%), and economic type, due to its high implementation and maintenance costs (in 39%). To this is added an internal problem, since 34% speak Lack of internal knowledge and resources by the workers themselves.

The critical internal situation experienced by the companies’ SOC would be resolved by listening to the needs and improvement options proposed by the experts. 33% are dissatisfied with the levels of adoption of security automation, while 28% consider their companies inflexible when it comes to giving them autonomy to select the best tools they can use.

Unauthorized AI applications

The presence of rogue AI tools leads enterprise security experts to use them to implement the services they already offered. In this way, 47% of those surveyed ensure that they allow a better interface46% apply more advanced capabilities or specialized and 44% a more efficient work.

That being said, with the increase in automation, the vast majority would help fill staff shortages performing: incident analysis, application landscape analysis and data sources, and threat detection and response. Respondents also talk about the importance of AI in SOC automation related to protecting against cyber threats and easing staff training.

Without a doubt, AI is a complement to other automated security Technologysas SOAR (used in 53% of cases), Cloud SIEM solutions (in 52%) and AIOps (in 51% of cases) in their security operations center. They have also been complemented with machine learning analysis (in 48% of cases) and automation in threat detection and response in 45%.

Economic impact

Another factor that drives enterprise security experts to apply rogue AI solutions in the SOC is the positive impact it has on the company. In fact, two out of three respondents (65%) say that will have financial gainswhich will materialize in the increase in income (by 39%) and in the reduction of hiring or training costs (by 37%).

It’s an unstoppable trend, and if enterprise security experts are left free to work, rogue AI will end up occupying a priority role in the SOC, improving profitability and the future in the short-medium term.

GoDaddythe Internet domain registrar and web hosting company, has recently released a new report (10-K required annual report) on its balance sheet for the year 2022 and leaves a series of revealing data.

The most striking is that he confirms having suffered, for several years, that a group of attackers stole the company source code and login credentials of customers and install a malicious malware. In this way, a significant commitment to cybersecurity would have been enshrined.

His vulnerability was exposed to the United States Securities and Exchange Commissionexpressing that since the outbreak of the pandemic the company had perceived a considerable increase in cyberattacks on its customers. According to internal investigations, it could be a same sophisticated group capable of obtaining, through specific malware, code fragments related to some services within GoDaddy.

On this occasion, the last attack consisted of a url forwarding, which is defined as a flawless feature of HTTP (the hypertext transfer protocol). The goal is to change the company’s primary domain name but keep all the old links alive.

the origin of everything

In March 2020, the unknown threat actor made GoDaddy its target of choice. He managed to obtain access codes to employee and hosting accounts from some 28,000 clients approximately. It’s true that at the time they were unable to access the customers’ main GoDaddy account, but it was a major red flag for the entire internal business structure. In fact, the Federal Trade Commission issued the infringement statement between July 2020 and October 2021.

On November 22, 2021, GoDaddy detected a new incident from the same group of cybercriminals, which was announced on the 22nd of that month. On that occasion, the hackers obtained a password that gave him access to the source code of the WordPress service managed by the company.

Since September of that same year, the unauthorized party used the access to get login credentials for WordPress admin accounts, FTP accounts, and email addresses for 1.2 million Managed WordPress customers.

The last attack, in December

hosting servers cPanel, used by customers to manage websites hosted by GoDaddy, received malware that redirected the websites of several of their customers to random sites. Everything was done through phishing campaigns, malware distribution and other malicious activities.

Although the largest cyberattacks began in 2020, isolated episodes of security flaws and vulnerabilities that have put GoDaddy-hosted sites in jeopardy have occurred years ago.

that was how in 2019 a misconfigured domain name system service at GoDaddy allowed hackers to hijack dozens of websites owned by Yelp, Mozilla, Expedia and others, using them to post a ransom note threatening to attack several buildings and schools.

Similarly, that same year, an investigation found that hundreds of customer accounts had been blocked to create 15,000 websites dedicated to posting *text muted* in charge of promoting weight loss products and miracle diets.

It is curious as a company of the size of GoDaddy, one of the largest domain registrars in the world, with almost 21 million customers and an income of almost four billion euros in 2022you can have security systems so vulnerable to access by hackers.

However, the company has publicly apologized and has assured through an official statement: “We are using the lessons of this incident to improve the security of our systems and further protect our customers and their data.”