sb-eu logo
Story image

Secureworks opens up proprietary UEBA through partner programme

05 Sep 2018

Cybersecurity company Secureworks announced that it will partner with other security solution providers to apply its Red Cloak behavioural analytics in their customers’ environments.

Secureworks’ decision to decouple its proprietary analytics offering from its endpoint agent will make the company’s high-fidelity detection and threat hunting capabilities available more broadly in the marketplace, while also giving clients the freedom to choose endpoint security products that best meet their needs.

Secureworks threat hunters and incident responders developed Red Cloak in 2010 when they were unable to find adequate tradecraft for analysing threat actor behaviour and intent.

The company has since deployed Red Cloak in response and hunting engagements around the globe and also applies the analytics as part of the company’s managed detection and response offerings.

With the launch of its Red Cloak Partner Program, Secureworks will engage in a more transparent exchange of raw data with participating vendors.

This collaboration will generate the necessary level of telemetry that Secureworks analysts require to apply Red Cloak behavioural analytics effectively and generate positive outcomes for the client.

When a partner’s solution is coupled with Secureworks telemetry and intelligence, clients can expect:

  • a comprehensive view of threat actor activity in their environment,
  • better context for validating and remediating threats,
  • new countermeasures as vendors share a broader range of threat detection and response data and
  • the option to conduct threat hunting searches

 “We are launching this program to foster more cooperation and transparency in the security market and help clients detect advanced threats,” says Secureworks president and CEO Michael Cote.

“The Red Cloak Partner programme enables Secureworks to apply its intelligence and threat hunting capabilities to the client’s choice of security tools.”

 “In the majority of incident response engagements, we discover that the organisation lacks enough visibility to accurately identify malicious activity,” says Secureworks chief threat intelligence officer Barry Hensley.

“Secureworks’ analytics engine leverages our understanding of threat behaviour to detect adversaries who are using complex techniques to elude an organisation’s security controls.

“When Red Cloak is deployed, clients can rapidly focus resources on the right priorities versus getting lost in a maze of forensics activity.”

Secureworks invests heavily in developing counter threat intelligence and platforms that provide earlier warning of hidden intruders.

Story image
Proofpoint enhances security awareness training platform
Available in Q4 2020, the platform will integrate more closely with Proofpoint’s best-in-class threat intelligence.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Phishing scam imitates SharePoint & OneNote for nefarious clicks
Sophos researchers say that the attackers take a slightly different approach to the standard ‘fake login’ phishing email.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More