An ecosystem of native and third-party integrations provides visibility and control across the entire attack surface.

**DALLAS, April 25, 2022** – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced the launch of Trend Micro One, a unified cybersecurity platform with a growing list of ecosystem technology partners that enables customers to better understand, communicate, and lower their cyber risk.

Organizations are battling on all fronts to face mounting cyber risks from their complex and growing attack surface with stretched teams and siloed security products. The unified security platform approach delivers a continuous lifecycle of risk and threat assessment with attack surface discovery, cyber risk analysis, and threat mitigation and response.

**Inaugural partners of the Trend Micro One technology ecosystem include:** Bit Discovery, Google Cloud, Microsoft, Okta, Palo Alto Networks, ServiceNow, Slack, Qualys, Rapid7, Splunk, and Tenable.

Kevin Simzer, COO of Trend Micro, shared, "We are so proud that ecosystem partners and even some competitors value integrating into our platform. Collectively we help enterprises fight the bad guys known as cybercriminals. Alone we are strong, but together our industry is unstoppable in helping customers eliminate security gaps anywhere, identify internal and external enterprise assets, and take critical steps to mitigate them."

According to Gartner®, "vendors are increasingly acquiring or developing these adjacent technologies and integrating them into a single platform. The benefits are best realized when this integration minimizes consoles and configuration planes and reuses components (e.g., endpoint agents) and information.\[1\]"

"We all know that digital transformation is table stakes for the post-pandemic enterprise. But this comes with additional risks: a bigger target for threat actors to aim at and more visibility and security coverage gaps for them to hide in," said Jeremiah Grossman, CEO of Bit Discovery. "Trend Micro’s approach stands out from the crowd — notably with its blend of multiple sources of asset and risk visibility, including external attack surface visibility powered by Bit Discovery. Trend Micro’s platform helps customers quickly get a prioritized and comprehensive understanding of their attack surface.”

As a unified platform, Trend Micro One delivers powerful risk assessment capabilities, but the ecosystem partners extend that to make it the most complete in the industry. Joint customers benefit from truly connected visibility, better detection and response capabilities, and comprehensive protection across security layers and systems.

Trend Micro One supports this approach by enabling customers to:

*   **Discover the attack surface:** Identify, monitor, and profile cyber assets in customers’ environments.
*   **Understand and continuously assess risk:** Analyze risk exposure, the status of vulnerabilities, the configuration of security controls, and types of threat activity.
*   **Effectively mitigate risk:** Ensure the right preventative controls and take swift action to mitigate risk and remediate attacks across the enterprise by leveraging Trend Micro's threat and risk intelligence.

**_To find out more about the Trend Micro One platform, please visit:_** **_https://www.trendmicro.com/en\_us/business/products/one-platform.html_**

**About Trend Micro**

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.

Trend Micro Launches New Security Platform

It's time for regulators of critical infrastructure — including industrial control systems and operational technology — to focus more on operational resiliency.

During the past year, the Biden administration has issued several standards and mandates across critical infrastructure sectors, from water to transportation. Critical infrastructure is unique because nearly all United States citizens benefit from a critical national infrastructure (CNI) entity every day — whether they realize it or not. So, when one of those CNI entities is compromised, the impact often is felt on a personal level. Just look at Colonial Pipeline breach: Lines at gas stations were longer than ever as Americans feared a drastic fuel shortage.

The Biden administration's efforts to strengthen these sectors are well-intentioned and certainly demonstrate that the US government is taking cybersecurity threats seriously. These efforts are worthy of recognition because previous administrations haven't always prioritized cybersecurity strength. Intentions aside, however, these reporting mandates and standards are likely to prove ineffective and even dangerous.

**Assuming Visibility  
**One of the main issues industrial control systems (ICSs) and operational technology (OT) systems face today is lack of visibility. You can't secure what you don't have access to, and studies have shown that the vast majority of organizations have limited visibility into their ICS environments — if they have any visibility at all.

These standards and mandates dangerously assume that organizations know they were breached in the first place. If organizations don't have the resources to monitor their ICS environments, they may never know a threat actor is trying to break into their network — or, worse, that a threat actor has already been inside the network for days, months or even years. This obviously makes the 24- and 72-hour reporting mandates impossible to meet. In addition, it appears we are headed toward a hodgepodge of overlapping regulations that will place a significant burden on private enterprises.

**Distracting From What's Important  
**One example of this overlap is Senate bill S.2875 Cyber Incident Reporting Act of 2021 and House bill H.R. 5440 Cyber Incident Reporting for Critical Infrastructure. These bills have overlapping requirements that complicate the reporting process. Organizations will likely be required to determine what category an incident falls into and which government agency should handle it. The resources required to do this should be devoted to improving security rather than navigating the complexities of reporting requirements.

Indeed, complying with standards issued by the government takes significant time and resources that could be used to implement effective security controls, especially when it seems like it takes an actual cyberattack for the government to determine that we need another mandate for another industry.

**The Solution  
**It's time for regulators of critical infrastructure to focus more on operational resiliency. Focus and increase investments on ensuring organizations can respond to attacks, minimize impact, and restore operations quickly. We must begin accepting that not all cyberattacks against critical infrastructure can be prevented. The physical nature of these systems makes it nearly impossible to stop 100% of attacks. However, we still have the capability to respond and recover, and that's where we should focus our efforts.

Finally, it's time to take a step back and define a single critical infrastructure cybersecurity standard. If your industry is defined as critical infrastructure, then, by definition, it requires protection. Let's define a singular critical infrastructure cybersecurity standard now and start enforcing protection, including increased investments in systems to increase visibility and resiliency.

Overlapping ICS/OT Mandates Distract From Threat Detection and Response

Barely over a quarter of medical device companies surveyed maintain a software bill-of-materials, and less than half set security requirements at the design stage.

The stakes for cybersecurity are literally life and death in the medical device industry. As far back as 2013, then-US Vice President Dick Cheney had his doctor turn off the wireless connectivity in his pacemaker as a precaution, as the BMJ reports. The WannaCry attacks in 2017 to 2019 and other incidents show that was not merely paranoia – and this year's Access:7 vulnerability underscores the continuing threat to connected devices, including medical systems. While such events have raised awareness in the healthcare system about security threats, "the more that medical device manufacturers work to improve their cybersecurity capabilities, the more gaps they realize they have."

That's according to a report published this week by Cybellum. The report, titled "Medical Device Cybersecurity: Trends and Predictions," collected responses from 150 security and compliance decision-makers in the medical device industry worldwide.

The highlighted bar in the above graph shows that only 27% of respondents said their company generates and maintains a software bill-of-materials (SBOM) for its products. Such documents list all of the software components that go into a product, vital to tracking unexpected dependencies and hidden vulnerabilities, as the Log4j debacle underscored. The May 2021 executive order from US President Joe Biden calls out SBOMs as important to cybersecurity. The level of mainstream awareness and implementation is what makes this low adoption rate a surprise. It's an area to watch for next year's results.

The most implemented security measures in Cybellum's survey are running binary code analysis (47%) and setting security requirements during the design phase (46%). Binary analysis can reveal patterns of security flaws and audit for known vulnerable software elements. Addressing security concerns earlier, aka "shifting left," means developers can find and fix problems before they get deeply embedded and difficult to disentangle. The good news is that almost half of security decision-makers at medical device companies say they're using at least one of those techniques; the flipside is that more than half do not use them.

Other techniques medical device companies are using to secure their products include source-code static code analysis (SAST), performed by 41% of respondents; threat intelligence, by 39%; continuous security testing across the device life cycle, by 38%; educating developers on secure coding, by 27%; pen-testing/fuzzing, by 16%; and dynamic application security testing (DAST), by 14%.

The Cybellum report notes that "looking at the data segmented by types of companies, SBOM is more popular with OEMs (34%), compared to suppliers of medical device components (20%). The ultimate responsibility for the safety and security of devices lands on the OEM, which could explain why they make it a priority. Of course, both audiences have a long way to go."

For more insights, download the report from Cybellum.

Many Medical Device Makers Skimp on Security Practices

Acquisition of cloud-based alert security company will help Sophos automate tasks bogging down security teams, the company says.

Sophos has acquired SOC.OS, a spinoff company of BAE Systems Digital Intelligence with a software-as-a-service (SaaS) solution for automating the monitoring and triaging the growing volume of data and alerts across organizations. 

Sophos said it plans to add the SOC.OS technology to its existing managed threat detection and response products. 

"Alert fatigue and lack of visibility still plague security teams worldwide," Dave Mareels, chief executive officer and co-founder of UK-based SOC.OS said. "Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Sophos Buys Alert-Monitoring Automation Vendor

UltraDNS Terraform Provider enhances productivity, change management.

**Sterling, Virginia – April 21, 2022** – Neustar Security Services, a leading provider of cloud-oriented security services that enable global business to thrive online, has launched an integration with Terraform, an open-source infrastructure-as-code software tool created by HashiCorp. The new integration, UltraDNS Terraform Provider, enables DevOps teams to provision DNS changes when applications are deployed to realize enhanced productivity during that deployment.

Integrating UltraDNS into the Terraform ecosystem enhances Neustar Security Services’ capability to deliver a platform that provides speed, stability and extensibility when managing DNS. The new integration supports DNS standard and advanced records, including features such as SiteBacker, Simple Monitor/Failover, Simple Load Balancing and Traffic Controller. Available to DevOps teams on the Terraform registry, UltraDNS Terraform Provider includes four categories, 11 resources, 11 data sources, 94 self-check modules and 37 help files.

“As IT infrastructure has grown increasingly complex, so too has the task of managing DNS strategy,” said Enrique Somoza, director of product management with Neustar Security Services. “UltraDNS’s integration with Terraform enhances our customers’ velocity to accurately deploy, manage and automate DNS updates across complex cloud environments.”

The integration will allow Neustar Security Services to enable its customers’ application of Terraform across different use cases and environments.

“This latest integration reflects Neustar Security Services’ commitment to listening to and addressing the evolving needs of its customers, particularly those who use Terraform to define, build and version infrastructure safely and efficiently,” added Somoza.

Neustar Security Services’ UltraDNS integration with Terraform provides a compelling solution for DevOps managers, who can learn more about technical details here.

**About Neustar Security Services**  
The world’s top brands depend on Neustar Security Services to safeguard their digital infrastructure and online presence. Neustar Security Services offers a suite of cloud-delivered services that are secure, reliable, and available to enable global businesses to thrive online. The company’s Ultra Secure suite of solutions protects organizations’ networks and applications against risks and downtime, ensuring that businesses and their customers enjoy exceptional interactions all day, every day. Delivering the industry’s best performance service, Neustar Security Services’ mission-critical security portfolio provides best-in-class DNS, application and network security (including DDoS, WAF and bot management) services to its Global 5000 customers and beyond. For more information, visit https://neustarsecurityservices.com/.

Neustar Security Services’ UltraDNS Integrates Terraform for Streamlined, Automated DNS Management

Ransomware groups are looking to strike large agriculture cooperatives during strategic seasons, when they are most vulnerable, according to law enforcement.

Ransomware operators are eyeing attacks on large networks of farmers, called agriculture cooperatives, during make-or-break planting and harvest seasons, when they are likely most desperate to pay, according to the Federal Bureau of Investigation. 

A new advisory details previous attempts by threat actors since 2021 to disrupt agricultural co-op operations, including a Lockbit 2.0 attack on a critical farming supplier, and a July 2021 breach of a business management software company serving several agricultural cooperatives. Some of the attacks were successful and resulted in a production slowdown, the FBI says. 

Another successful attack could affect the entire food chain, the alert warns. 

"Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production," the alert says. "Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

FBI Warns Ransomware Attacks on Agriculture Co-ops Could Upend Food Supply Chain

Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.

The recent discovery of a malware framework — referred to as both Pipedream and Incontroller — targeting industrial control systems (ICS) highlights what can happens when everything goes right, ICS security professionals stressed at a panel discussion hosted by the Atlantic Council on April 22.

Unlike as in previous attacks, cybersecurity experts detected components of the malware, researching the attackers' techniques, and erected defenses against Pipedream, before it was even deployed. In its current state, the framework boasts capabilities that can scan for and communicate with some programmable logic controllers from Schneider Electric and Omron, as well as scan and profile unified communication servers based on the OPC Unified Architecture specification.

The expertise and capabilities encapsulated in the framework point to a nation-state actor as the source, making the coordinated investigation a significant win, and the best argument for the return on investment (ROI) of cybersecurity, says Danielle Jablanski, operational technology cybersecurity strategist at Nozomi Networks and a former consultant for the US Department of Defense.

"For terrorism, we can never talk about \[the successes\], because they are classified," she says. "But this is the best potential ROI that we have seen, because \[Pipedream\] did not actually become operational, and now we can learn from it."

On April 14, managed response firm Mandiant and ICS specialist Dragos released separate reports on the ICS framework, which they dubbed Incontroller and Pipedream, respectively. The cyber-espionage and attack framework is the seventh attacker tool set to specifically target industrial control systems, but the second to be disclosed in April. On April 12, cybersecurity firm ESET announced that the company had worked with a Ukrainian energy provider to mitigate an attack by Industroyer 2 the previous month.

While cybersecurity experts have been reticent to attribute the attacks to Russia, the links between their targeted and the current Russian invasion of Ukraine have suggested that the nation is the most likely sponsor. While the country might be hesitant to attack critical infrastructure, Russia has not had any qualms about supporting ransomware attacks, says Bryson Bort, CEO and founder of Scythe and a panelist.

"I don't think Russia will attack us directly \[targeting\] industrial control systems, because that is going to invite a military response, which they cannot afford — they have enough on their hands already," he says. "But I'm surprised that they have not amped up ransomware against our private industry."

The panel discussion featured a variety of government and industry experts who also serve as fellows in the Cyber Statecraft Initiative, which is part of the Atlantic Council's Scowcroft Center for Strategy and Security.

**For Attackers, ICS is a Shopping Mall  
**The concern over Pipedream is not because it contains exploits for zero-day vulnerabilities, but because the tool set is tailor-made to operate within common ICS environments. The analyses list three (Mandiant) to five (Dragos) components making up the attack framework, targeting Schneider Electric programmable logic controllers (PLCs), Omron PLCs, and unified communication servers using the Open Platform Communications (OPC) specification.

The attackers are not exploiting vulnerabilities in the products, but problems in the interoperation that leads to security issues, says Scythe's Bort.

"This is a vulnerability in the architectural ecosystem and design of the industrial control systems, period," he says. "Attacks like this show how flat the \[network\] architecture actually is, and that really is the true vulnerability in the design, and that is a generational problem — it is not the kind of thing that we can say, oh, we are going to patch that and fix it — we have to switch this equipment out over the next 10, 20, and 30 years."

Megan Samford, vice president and chief product security officer at Schneider Electric and a panel member, underscored that the problem was not a software vulnerability. Instead, the tool set focused on specific vendors because those vendors are likely in the targeted networks.

"If you could imagine a shopping mall being built, and you can see that there is a Schneider store and there is an Omron store, but there are probably 20 other stores that could be built out — that is really what this was," she says. "So our products were in the framework, not because of a weakness, but because of out global scale and our products operate and support critical infrastructure locally."

**Geopolitical Implications** Currently, there are seven known attacker frameworks that have targeted industrial control systems: Stuxnet, Havex, Black Energy 2, Industroyer/CrashOverride, HatMan/Triton/Trisys, Industroyer 2, and Pipedream/Incontroller. While Stuxnet has been attributed to a joint US-Israeli effort, all six of the other frameworks have been linked, to varying degrees, to Russian efforts.

"What we now know for sure is that our adversaries have done their homework," Nozomi Networks' Jablanski says. "There are seven focused, technology-specific incidents that we have seen targeting the hardware and software that we talk about in OT and ICS ... but that does not capture the full range of actors that are looking at industrial operations."

In addition to the United States and Russia, China is know to have tools that target industrial control systems as well, the experts said.

Early Discovery of Pipedream Malware a Success Story for Industrial Security

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

BUCHAREST, Romania and SANTA CLARA, Calif., April 21, 2022 -- Bitdefender, a global cybersecurity leader, today announced new enhancements to its Bitdefender Premium Virtual Private Network (VPN) Service designed to bolster privacy, identity protection and security for consumers. New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private web browsing from anywhere in the world using a computer or mobile device. It is simple to set up and comes with an intuitive interface for any level user.

Cybersecurity and data privacy are converging as consumers grow increasingly concerned about who has access to their personally identifiable information, as well as data collected about their online activities and how that data is sold, traded and used. Even when consumers use so-called "Private Browsing" or "Incognito" modes on major web browsers, internet service providers (ISPs), wireless hotspots and websites often still collect information about their browsing history and online behavior.

Data tracking, spyware and other malicious threats are still a reality on open public Wi-Fi networks. According to Firefox telemetry, about 80 percent of web traffic globally is encrypted. Additionally, a study found that about six percent of the top 10,000 websites secured by HTTPS had TLS protocol security flaws.

Recent Bitdefender research revealed that most consumers are highly exposed to risk, with the majority (61 percent) not using VPN services and anti-trackers, ad blockers (44 percent) or privacy software of any type (64 percent) on the personal devices they use most for online activities.

"It has become increasingly difficult for consumers to maintain privacy and keep their data secure as they conduct their digital lives online," said Ciprian Istrate, vice president, Bitdefender Consumer Solutions. "We incorporated ad blocking and anti-tracking capabilities to Bitdefender Premium VPN to deliver both solid protection and anonymity as users enjoy favorite online activities without concern their online behaviors are being tracked or personal data collected and sold either legally or illegally."

**Bitdefender Premium VPN Key Features**

*   **Powerful Encryption for All Web Traffic** \-- Securely encrypt all incoming and outgoing web traffic for Windows, Mac, Android and iOS devices leveraging over 4,000 Bitdefender VPN servers across 49 countries. Keep online identities and activities safe from hackers, ISPs and others for safe online streaming and downloads, with no traffic logs.
*   **Built-In Ad Blocker for Better Browsing Experience** \-- Native ad blocker module removes ads, banners, pop-ups and video ads from websites for a better browsing experience. Blocking intrusive ads reduces the risk of adware and malware, and helps users save bandwidth while reclaiming the entire screen for relevant content only.
*   **Prevent Online Profiling With Anti-Tracker --** Block advertisers, websites and other third-parties from collecting data such as device type, location, web queries, shopping preferences and more. Preventing the collection of such data not only protects consumer privacy, it can speed performance of users' devices.
*   **Achieve System-Wide Protection --** As opposed to web browser extensions that only offer privacy within that browser, Bitdefender VPN Premium blocks disrupting ads and tracking modules across the user's entire device without slowing down systems or leaving gaps in defense.
*   **Whitelist Trusted Websites --** Easily make exceptions to ad blocking and anti-tracking features as desired, by adding the URLs of specific, trusted domains to a whitelist. This enables VPN users to ensure secure, encrypted browsing while accessing websites that might otherwise not load properly when tracking codes are blocked.

**Availability**

Bitdefender Premium VPN is available for Windows, macOS, Android and iOS devices. New ad blocker, anti-tracker and whitelist capabilities are now available to all users, including free and trial customers. For more information or to purchase Bitdefender Premium VPN visit https://www.bitdefender.com/solutions/vpn.html.

**About Bitdefender**

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world's most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience. For more information, visit https://www.bitdefender.com.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.

LOS ALTOS, Calif., April 22, 2022 /PRNewswire/ -- Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies.

Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers.

"Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale," said Sanjay Ramnath, Vice President of Product Management at Contrast Security. "These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone."

Contrast enables Red Hat OpenShift users to benefit from the following capabilities:

*   **Source-to-Image Deployment**: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production.
*   **CI/CD Jenkins Pipelines**: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast.
*   **OpenShift Pipelines via Tekton**: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment.

The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. For more information about Contrast Platform offerings, visit www.contrastsecurity.com/integration.

**About Contrast Security:**

Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Contrast Security Introduces Cloud-Native Automation

New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.

**MIAMI - S4x22 Conference - April 19, 2022** – Forescout Technologies, the leader in cybersecurity automation, today announced that it has enhanced the operational technology (OT) and IoT capabilities for its newly released Forescout Continuum Platform, the industry’s first automated cybersecurity platform that continuously manages the risk posture of cyber assets and delivers enhanced threat detection and response for operational continuity.

The cyber and operational risks and threats affecting OT organizations are multiplying, calling for cybersecurity solutions that scale across an organization’s entire infrastructure and distributed locations. Organizations with OT and industrial control system (ICS) networks are also facing a cybersecurity skills gap and resource shortage, making it increasingly difficult to keep up with the evolving threat landscape. To address these issues for industrial enterprises, Forescout added new capabilities to provide broader visibility and threat detection for OT and IoT devices with an enhanced user experience, increased scalability and performance, and flexible deployment options to help automate workflows and enable a more effective platform operation and cost-effective deployments at scale.

“Forescout Continuum Platform is unique in its ability to automate cybersecurity workflows for both data collection and incident response, effectively collaborating with the other security tools for an effective collective defense,” said Daniel Trivellato, Vice President of OT, Forescout. “The new release allows organizations to quickly and easily gather and analyze the information they need, while reducing the learning curve and helping them prioritize and automate response across their OT networks. These enhancements also improve operational and cost effectiveness of large-scale enterprise deployments, which is highly valued by individual customers that have deployed our OT solution to a thousand distinct locations.”

The new capabilities and benefits include:

*   **Enhanced user experience:** A streamlined UI developed based on customer feedback for more efficient workflows, including at-a-glance insights into the trends and risks of all OT networks; a scalable asset page for effective analysis of risks, vulnerabilities and communications; and a new alerts page to better prioritize threat mitigation.
*   **Effective deployment at scale**: New sensor templates and centralized sensor configuration for faster deployment at hundreds of sites; ability to monitor up to 10 Gbps for centralized deployment models; support for DHCP networks and devices.
*   **Expanded visibility and detection:** Further expansion of our broad protocol coverage of 250+ IT, OT and IoT protocols so customers can identify and assess more assets and vendors; extended coverage to 30 active queries to identify common OT, IoT and IT devices; an extensibility framework for active queries and asset classification to expand built-in visibility and asset roles at run-time for more accurate classification.
*   **Flexible Deployment Options**: All passive and active sensors are deployed as containers by default, to allow deployment on almost any appliance; support for smaller, low-cost hardware for decentralization or segmented networks; support for deployment on 3rd party network infrastructure hardware; ability to deploy the Command Center in private AWS and Azure instances.

Forescout excels in ICS asset visibility according to the Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, Q4 2021 and has “_the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers_”. The in-depth visibility of IT, IoT and OT networks and assets offered by Forescout Continuum is key to enabling effective, real-time management of a full range of operational and cyber risks, and Forescout is committed to continuously broaden these capabilities so industrial enterprises can operate securely without disruptions.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Source

DARKReading