Tag: F-Secure

F-Secure moves to usage-based pricing

Security outfit F-Secure has adjusted its cybersecurity solution to support “usage-based” pricing across its partner network.

The move is part of a cunning plan to provide service partners and their customers with operational efficiency, smooth deployment, and flexibility, as more employees continue to work remotely and collaborate via cloud platforms.

F-Secure’s EDR service goes channel only

F-Secure has made its managed endpoint detection and response (EDR) service only available through its partners.

The service was developed to combat the growing threat of so-called fileless cyber attacks that are often designed to evade traditional endpoint protection technologies.

This threat, which sees hackers target vulnerabilities in operating systems or legitimate applications, rather than installing malware on a target computer, is only going to get more severe, according to Ponemon, which has predicted 35% of attacks in 2018 will be fileless, up six percent compared to 2017.

F-Secure partner BWG Informationssysteme MD Thomas Zeller said that companies were demanding managed services and advanced threat protection, requiring more human participation and expertise than is offered by standard security products.

“F-Secure offers us new managed service opportunities, and we have access to their threat analysts in case needed.”

F-Secure’s EDR service will allow partners to better protect their customers’ assets from a range of attacks, such as privilege escalation, admin credential theft, PowerShell script attacks, lateral movement, phishing and ransomware, he said.

“Today’s stealthy, sophisticated attacks demand sophisticated approaches because mere endpoint protection is not enough anymore,” said Jyrki Tulokas, executive VP of cybersecurity products and services at F-Secure.

“At the same time, the critical shortage of skilled cybersecurity specialists puts midmarket companies at a disadvantage when it comes to hiring. The answer is to use cutting-edge artificial intelligence trained by F-Secure’s world-class threat analysts to detect advanced threats that have penetrated the network, and guide our partners on how to respond.”

US companies take down Chinese hacker group

An alliance of US tech companies including Novetta and Microsoft has been targeting the Hikit malware and has worked out a way to disrupt the Chinese cyber espionage gang Axiom’s antics.

Dubbed Operation SMN, the coalition of security companies has apparently given the hackers a Chinese burn after it detected and cleaned up malicious code on 43,000 computers worldwide infected by Axiom.

The effort was led by Novetta and included Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect Intelligence Research Team (TCIRT), ThreatTrack Security and Volexity, and was united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit.

Hikit is custom malware often used by Axiom to burrow into organisations and nick data. It works quietly and evades detection, sometimes for years.

Axiom used a variety of tools to access and re-infect environments including Derusbi, Deputy Dog, Hydraq, and others. Ludwig says they expanded the group and its scope “so that we absolutely did the best possible job of clean-up and removal” and rolled it all into a Microsoft Malicious Software Removal Tool (MSRT) released Oct. 14.

Novetta thinks that while the MSRT was comprehensive, it may be only a temporary setback for Axiom, which will just work out another way of doing the same thing.

Novetta says it has “moderate to high confidence” that Axiom is a well-resourced and well-disciplined subgroup of the state-backed “Chinese Intelligence Apparatus.”

Axiom has been found in organisations that are of strategic economic interest, that influence environmental and energy policy and that develop integrated circuits, telecommunications equipment and infrastructure.

The target organisations are often related in some way, and once Hikit has burrowed its way into a computing environment, it can create a “mini-network,” communicating laterally with other Hikit installations within the organisation or related outside groups. What makes it difficult to track is that it uses proxies and never communicates with the command-and-control server directly. Hikit talks to companies in such a way that the traffic does not look dodgy.