AWS re:Inforce 2024 Recap | Developing Security Culture, Inclusion, and Education

Back on the East Coast in Philadelphia after last year’s AWS re:Inforce in Anaheim, the SentinelOne team took in the cloud security-focused sights and sounds of over 5,000 other attendees from around the world.

Our team had a very busy week filled with great conversations at our booth, in-depth speaking sessions, AWS Partner Day, AWS Security LIVE!, and an exclusive, sold-out bowling event with technology partner, Snyk. We had a great time connecting with and learning from everyone at this event. Here’s a recap of AWS re:Inforce 2024 from the SentinelOne perspective.

“Job Zero” | Security Is Everyone’s Responsibility

Returning to a recurring theme, the event continued to focus on the technology and culture elements of security – both with a collaborative approach. You’ll often hear AWS team members say “Security is Job Zero”, and the programming and activities at this show backed this up. Though attendees enjoyed many exciting technology-focused announcements around AWS and partner innovation (yes, including many about AI), the event reached beyond the tech, providing several opportunities to explore developing thoughts on security culture, inclusion, and education.

With something for everyone, the event hosted immersive and hands-on labs for the technically inclined, compelling keynotes, and lots of practical customer stories about tackling cloud security for the strategists and practitioners, helping us all walk away with something new to consider or apply.

The SentinelOne team at AWS re:Inforce preparing to deliver hundreds of demos for Singularity Cloud Security, Purple AI, and Singularity Data Lake

AI-Powered Cloud Workload Security for Serverless Containers on AWS

During re:Inforce, SentinelOne announced Singularity Cloud Workload Security (CWS) for Serverless Containers, a solution tailored for containerized workloads on AWS Fargate for Amazon ECS and Amazon EKS. This real-time cloud workload protection platform (CWPP) harnesses the power of AI to swiftly identify and respond to a spectrum of threats, including ransomware, zero-day vulnerabilities, and fileless exploits.

Apple Arcade launches two hit games on Apple Vision Pro

Apple Arcade players with Apple Vision Pro can boost their way into a whole new dimension in Warped Kart Racers, available today on the service.

Original author: Apple Newsroom

Kelley Mullick | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Kelley Mullick.


Original author: Amy Al-Katib, CDCDP

Apple The Exchange TRX opens Saturday, June 22, in Kuala Lumpur

Apple’s first store in Malaysia, Apple The Exchange TRX, opens Saturday, June 22, in Kuala Lumpur.

Original author: Apple Newsroom

How SentinelOne Delivers Results, Not Noise | MITRE Managed Services Engenuity ATT&CK® Evaluations

Organizations are faced with an increasingly sophisticated, constantly evolving threat landscape and limited resources to protect their environments. To keep up, many businesses count on the 24/7 hands-on expertise provided by managed detection and response (MDR) services.

SentinelOne has once again demonstrated industry-leading real-world performance in the latest independent MITRE ATT&CK® Evaluation of managed security service (MSS) providers. The attack scenario in this year’s test highlights the importance of speed, visibility, and reduced noise, with SentinelOne’s Vigilance MDR+DFIR delivering:

- 100% detection of major attack steps – 15 out of 15 steps identified, investigated, and reported
- Best signal-to-noise ratio amongst top performers – Providing clear and actionable analysis and not a flood of automated alerts
- Optimal Mean-Time-to-Detect and Mean-Time-to-Escalate – SentinelOne’s autonomous, AI-powered Singularity Platform balances speed and accuracy to ensure organizations stay ahead of attacks
- Enriched reporting – Our final incident report was recognized by MITRE for enrichment with contextual analysis – including a key timeline of events, a detailed technical analysis, and clear, actionable recommendations to reduce the likelihood of incident recurrence

These results clearly illustrate how SentinelOne’s Singularity Platform, combined with its Vigilance MDR + DFIR services, provides the most comprehensive, thorough, and efficient real-world protection against sophisticated attacks for every organization.

Measuring Real-World Protection | Understanding MITRE Engenuity’s ATT&CK Evals MSS Round 2

This year’s evaluation emulated the adversary behavior of menuPass (G0045) and an ALPHV/BlackCat ransomware affiliate. Prevention and remediation were not in scope of the evaluation. menuPass (aka APT10) has been active since at least 2006 and is believed to be sponsored by the Chinese Ministry of State Security. The group focuses on the exfiltration of sensitive data such as intellectual property and business intelligence in support of Chinese national security objectives. ALPHV/BlackCat, a prolific Russian-speaking RaaS group that emerged in 2021, is linked to BlackMatter, DarkSide, REvil, and other RaaS groups. ALPHV/BlackCat utilizes ransomware coded in Rust, allowing for enhanced performance, flexibility, and cross-platform capabilities.

SentinelOne has participated in more comprehensive MITRE evaluations than any other cybersecurity leader as the only XDR provider to participate in all ATT&CK Enterprise Evaluations, the Deception evaluation, and the inaugural Managed Services evaluation.

SentinelOne Cuts Through the Noise to Deliver Expert Managed Detection & Response with Speed and Accuracy

It is estimated that security teams receive more than 1,000 events, alerts, or incidents per day, with more than half of these going uninvestigated. While visibility is critical to identifying and understanding threats, it can also lead to information paralysis and alert fatigue. As stated in the MITRE Enterprise Evaluation Round 5: “100% visibility” is not always a positive. AI and automation become critical in ensuring the right information gets to the right hands quickly and with context.

Apple Developer Academy introduces AI training for all students and alumni

Apple will train Apple Developer Academy students, mentors, and alumni on technologies and tools that take advantage of artificial intelligence.

Original author: Apple Newsroom

Christine Whichard | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Christine Whichard.



Original author: Amy Al-Katib, CDCDP

PinnacleOne ExecBrief | Deep Tech In The Crosshairs

Last week, PinnacleOne highlighted how a new turn of phrase by China’s leader will spark efforts across the country to make scientific breakthroughs occur out of thin air (or steal them from the west).

This week, we flag three emerging threats to the “deep tech” venture ecosystem underpinning western technological and strategic advantage.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Insight Focus | Deep Tech in The Crosshairs

Throughout the 20th century, most strategic technologies were incubated or directly invented by the Federal Government or by contractors and academic institutions under its protective umbrella. Not anymore.

The Good, the Bad and the Ugly in Cybersecurity – Week 24

The Good | Ukrainian Police Arrest Cryptor Specialist Helping Conti & LockBit Ransomware Operations

A Russian national was arrested this week for allegedly working with Conti and LockBit ransomware groups, helping to make their malware undetectable and also conducting at least one attack himself. Ukrainian cyber police apprehended the 28-year-old man in Kyiv during Operation Endgame, a major operation carried out two weeks ago to dismantle an extensive ecosystem of malware droppers.

(Source: Cyber Police of Ukraine)

According to Ukrainian law enforcement, the arrested had expertise in developing custom crypters that encrypted and obfuscated ransomware payloads into what looked like innocuous files. This made them fully undetectable (FUD) to legacy antivirus software. His services were sold to both Conti and LockBit syndicates, which bolstered their success rates in infiltrating networks.

Reports from Dutch police confirm that the man orchestrated at least one of his own attacks using a Conti payload in 2021, indicating his involvement as an affiliate and goals to gain maximum profits from the relationship. His arrest includes seizure of computer equipment, mobile phones, and handwritten notes, all being held for ongoing examination. As it stands, the Russian suspect has already been charged under Part 5 of Article 361 of the Criminal Code of Ukraine for unauthorized interference with information systems. He faces up to 15 years in prison.

This arrest is the latest in a string of actions against LockBit operations, most recently following the distribution of 7000 decryption keys to all affected victims of the Ransomware-as-a-Service (RaaS). Earlier last month, the DoJ unveiled the identity of LockBit’s developer, placing a reward up to $10 million for his arrest or conviction.

The Bad | Hamas-Linked Threat Group Spies on Android Users in Egypt & the Palestinian Territories

An espionage-focused threat actor known as Arid Viper has been linked to an ongoing mobile-based campaign, involving trojanized Android apps delivering ‘AridSpy’ spyware. Based on a recent report, the Hamas-aligned actor is distributing malware through websites that mimic legitimate messaging, job search, and civil registry applications.

Building a Defense Posture | Top 5 Cybersecurity Tips For Small & Medium Businesses (SMBs)

Verizon’s annual Data Breach Investigations Report has historically compared and contrasted small and medium businesses (SMBs) against large organizations. Not this year. The reason: Both SMBs and large enterprises are increasingly sharing similar attack surfaces. With many of the same services and infrastructure, the difference between the two boils down to the available resources.

Where larger companies may have entire teams of cybersecurity analysts or full-fledged security operation centers (SOCs), many SMBs rely on a single IT person to manage their security. Or, companies may outsource cybersecurity to managed service providers (MSPs) who may not yet have the required skills or services in place to plan, build out, and manage a full cyber program.

In this blog post, we examine the most common types of cybersecurity threats SMBs face today and share a list of top 5 cybersecurity tips that SMBs can follow to start building a more robust cyber posture against modern threats.

Types of Cybersecurity Threats for Small Businesses

In a 2023 Data Breach Investigations Report, researchers found that the top patterns of cybersecurity threats for small businesses (less than 1,000 employees) were system intrusion, social engineering, and basic web application attacks – representing 92% of breaches. Several types of attacks, including phishing, malware, watering hole attacks, and drive-by downloads, drive these categories of threats.

Phishing

Phishing attacks continue to grow year-over-year and remain one of the main methods threat actors use to gain entry into their victims’ systems alongside vulnerability exploitation and stolen credentials.

Tiffany Tye | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Tiffany Tye.


Original author: Amy Al-Katib, CDCDP

Navigating the NVD Backlog | How to Stay Ahead in Vulnerability Management

The National Vulnerability Database (NVD) is a critical – yet often overlooked – element of an organization’s security defenses. Established to provide a catalog of known software vulnerabilities, it has become an authoritative source of vulnerability intelligence. However, the NVD faces a troubling backlog of vulnerabilities, raising existential concerns about its efficacy.

This blog post takes a dive into what this means for organizations, what actions the industry leaders are taking to mitigate the challenges, and how solutions like Singularity Vulnerability Management are set to help businesses identify and prioritize all types of risk across their attack surfaces.

A Brief History of the NVD

Launched in 2005 by the National Institute of Standards and Technology (NIST), the NVD was created as a repository for the U.S. government to standardize and communicate information on publicly disclosed vulnerabilities. Utilizing the Common Vulnerabilities and Exposures (CVE) system, the NVD provides a centralized source for identifying and evaluating security flaws. Over the years, the NVD has evolved, integrating additional metrics such as the Common Vulnerability Scoring System (CVSS) to assess vulnerabilities’ severity and prioritize remediation efforts.

One of the most important benefits of the NVD is standardization, ensuring that all stakeholders, from researchers to security teams and security vendors, are on the same page regarding how they identify and mitigate vulnerabilities. The NVD enables organizations of all sizes to improve their security posture by offering open access to vulnerability data.

This democratization of information allows smaller businesses, which may lack extensive cybersecurity resources, to leverage the same vulnerability data as larger enterprises. To support the dissemination of this information, the NVD offers integration of vulnerability data via public APIs that many vendors integrate into their IT and Security products. The NVD API has its own set of challenges at enterprise scale with API rate limiting and occasional API call failures.

Block Attacks with SentinelOne’s AI-Powered CNAPP

Market research soon to be published in the first annual SentinelOne Cloud Security Report shows that cloud security professionals are drowning in data, yet lacking insights. While many point-specific solutions like cloud security posture management (CSPM), cloud detection and response (CDR), and cloud workload protection platforms (CWPP) are now mainstream, organizations are struggling with data silos as they seek to derive meaning from a long list of cloud security alerts. SentinelOne’s AI-powered CNAPP, Singularity Cloud Native Security (CNS) solves each of these pain points.

In this blog post, learn how Singularity Cloud Security combines the rapid insights and value realization of an agentless CNAPP, with the stopping and forensics power of a runtime agent, to realize AI-powered protection for modern cloud operations. SentinelOne consolidates security data from native and third-party security sources into the Singularity Data Lake.

Agentless CNAPP and The Attacker’s Mindset

Singularity Cloud Native Security (CNS) from SentinelOne is an agentless CNAPP with a unique Offensive Security Engine that thinks like an attacker, to automate red-teaming of cloud security issues and present evidence-based findings. We call these Verified Exploit Paths. Going beyond simply graphing attack paths, CNS finds issues, automatically and benignly probes them, and presents its evidence.

The Offensive Security Engine might indicate something like, “We found this misconfigured Amazon EC2 instance. We were able to curl out to our dummy C2 server and install a random file. Here is the proof.” With this, cloud security practitioners can prioritize their backlog better and focus on what is truly important rather than tread water in a sea of theoretical noise.

New features come to Apple services this fall

With the release of iOS 18, iPadOS 18, macOS Sequoia, watchOS 18, visionOS, and tvOS 18 this fall, Apple is enhancing the services users love with all-new features.

Original author: Apple Newsroom

Brittany Taylor | A 2024 Top 25 Women In Technology Winner

Mission Critical is excited to introduce you to the 2024 Top 25 Women in Technology. Meet Brittany Taylor.



Original author: Amy Al-Katib, CDCDP

WWDC24 Highlights

Today Apple kicked off its 2024 Worldwide Developers Conference, revealing new technologies during a Keynote that was live-streamed from Apple Park.

Original author: Apple Newsroom

Apple extends its privacy leadership with new updates across its platforms

Apple today announced new updates across its platforms that help empower users and keep them in control of their data.

Original author: Apple Newsroom

Apple empowers developers and fuels innovation with new tools and resources

Apple unveiled new tools and resources to enable developers worldwide to create more powerful apps across iOS, iPadOS, macOS, watchOS, and visionOS.

Original author: Apple Newsroom

Introducing Apple Intelligence for iPhone, iPad, and Mac

Apple today introduced Apple Intelligence, the personal intelligence system for iPhone, iPad, and Mac.

Original author: Apple Newsroom

iOS 18 makes iPhone more personal, capable, and intelligent than ever

Apple today previewed iOS 18, which features more customization, a redesign of the Photos app, updates to Mail, Messages over satellite, and more.

Original author: Apple Newsroom