Context-Driven Security: Bridging the Gap Between Proactive and Reactive Defense.

As cyber threats become more sophisticated, security teams struggle to shift from reactive troubleshooting to deploying strategic, proactive defenses. Disconnected tools and siloed data limit security teams’ visibility into their environments, preventing them from having a clear understanding of their organization’s risk factors. This fragmentation also impacts a company’s business operations. Research shows that only 52% of executives agree that their security strategy is aligned with their business strategy, and less than half of these executives feel that their security strategy is aligned with their IT strategy.

A context-driven security approach changes the equation. It consolidates tools for asset discovery, vulnerability management, and threat detection into a single integrated platform, providing security teams with a cohesive picture of their security posture. Context-driven security also allows organizations to move beyond reactive models toward smarter prioritization, faster decision-making, improved resilience, and measurable progress in cybersecurity maturity.

From Blind Spots to Full Visibility: The Power of Context-Driven Security

Today’s cybersecurity gaps aren’t just the result of tool sprawl; they stem from a lack of full-spectrum context. When security teams can’t connect activity across endpoints, identities, cloud workloads, and applications, critical threats are missed, alerts aren’t prioritized, and adversaries exploit weaknesses.

Context-driven security closes these gaps by unifying detection and prevention. Instead of reacting to isolated signals, MSPs can correlate activity across the attack surface, uncover hidden attack paths earlier, and prioritize threats based on real business risk. Unified environments have also been shown to deliver breach detection 40% faster and threat remediation 35% faster than fragmented ones.

Connecting the Dots: How Automated Correlation Enhances Detection

Context-driven security also sets the foundation for automated correlation, enabling MSPs to move beyond isolated detection toward prioritized, strategic action. Automated correlation continuously analyzes signals across endpoints, identities, cloud workloads, and networks—linking related security events in real time to reveal attack patterns and threat chains.

Instead of forcing analysts to manually sift through thousands of alerts, automated correlation connects the dots automatically, providing a full view of multi-stage and identity-driven attacks before they escalate. This reduces noise, accelerates detection, and empowers faster, smarter decisions at scale.

Organizations leveraging automated correlation within a context-driven framework experience 60% fewer incidents caused by misconfigurations, underscoring how better context directly enhances both security outcomes and operational efficiency.
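
The correlation step described above can be sketched in a few lines. This is an added example, not code from the original article or from any vendor platform: the event fields, signal names, asset-owner map, 30-minute window, and scoring rule are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed maximum gap that still links two signals


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str    # originating tool: identity, endpoint, cloud, network
    entity: str    # user name or host name as reported by that tool
    signal: str
    severity: int  # 1 (low) to 5 (critical), as scored by the source tool


def t(hhmm):
    """Build a timestamp on one constructed day from 'HH:MM'."""
    return datetime.strptime("2025-05-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed asset context: which user owns which workstation.
ASSET_OWNER = {"ws-042": "j.doe", "ws-117": "a.lee"}

# Constructed sample events, as four separate tools would report them.
EVENTS = [
    Event(t("09:00"), "identity", "j.doe", "mfa_push_burst", 2),
    Event(t("09:02"), "network", "ws-117", "dns_nxdomain_spike", 2),
    Event(t("09:05"), "identity", "j.doe", "login_new_country", 3),
    Event(t("09:12"), "endpoint", "ws-042", "unsigned_binary_exec", 3),
    Event(t("09:20"), "cloud", "j.doe", "admin_policy_attached", 4),
    Event(t("11:00"), "identity", "a.lee", "password_reset", 1),
    Event(t("14:00"), "endpoint", "ws-042", "usb_mass_storage", 1),
]


def correlate(events, owner_of, window=WINDOW):
    """Link events about the same principal into time-bounded chains.

    Host-level events are mapped to the owning user first, so that an
    endpoint alert and an identity alert about the same person meet.
    Only chains that span at least two tools are returned; a chain seen
    by a single tool stays an ordinary alert in that tool.
    """
    by_principal = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_principal[owner_of.get(ev.entity, ev.entity)].append(ev)

    incidents = []
    for principal, evs in by_principal.items():
        chains, current = [], [evs[0]]
        for ev in evs[1:]:
            if ev.ts - current[-1].ts <= window:
                current.append(ev)
            else:
                chains.append(current)
                current = [ev]
        chains.append(current)

        for chain in chains:
            sources = sorted({e.source for e in chain})
            if len(sources) < 2:
                continue
            incidents.append({
                "principal": principal,
                "start": chain[0].ts,
                "end": chain[-1].ts,
                "sources": sources,
                "signals": [e.signal for e in chain],
                # Assumed scoring: summed severity weighted by tool coverage.
                "score": sum(e.severity for e in chain) * len(sources),
            })
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(EVENTS, ASSET_OWNER):
        print(inc["principal"], inc["score"], inc["sources"], inc["signals"])
```

Seven low-to-medium alerts collapse into one prioritized incident for a single principal, while the unrelated signals stay out of the queue.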

Beyond Activity Logs: Proving Security Value Through Measurable Outcomes

Clients expect more than activity logs; they demand proof that security investments are working. Quarterly posture assessments, maturity scorecards, and executive-level reporting are quickly becoming baseline expectations for client relationships.

MSPs can leverage security context to demonstrate measurable improvements to key metrics like reductions in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), improvements in security posture ratings, and progress against cybersecurity maturity frameworks like NIST CSF 2.0.

As security investments come under greater scrutiny, clients expect their partners to demonstrate clear, measurable improvements. The ability to quantify risk reduction, prove operational resilience, and show progress toward compliance goals has become a critical competitive advantage for MSPs.

This shift also creates an opportunity for MSPs to step in as strategic partners. Many clients lack a clear way to benchmark where they stand today or assess how their security investments are performing. By offering structured security posture assessments, MSPs can deliver tangible baselines that highlight strengths, identify critical gaps, and guide smarter investment decisions. It’s not about adding another tool—it’s about providing the clarity clients need to prioritize actions, improve maturity, and track progress over time.

Cybersecurity maturity models also provide a foundation for scaling services as client needs evolve. These models typically map organizations across stages such as Underprepared, Reactive, Proactive, and Anticipatory. Context enables MSPs to align services to each client’s current stage, demonstrate measurable outcomes, and build tiered offerings that help clients strengthen their overall security posture.

By embedding security context into client relationships, MSPs can drive recurring growth, strengthen retention, and stand apart based on the strategic value they deliver.

Turning Context into a Strategic Advantage for Cyber Resilience

The cybersecurity landscape demands more than piecemeal defenses. Context-driven security empowers MSPs to eliminate blind spots, prioritize critical risks, demonstrate security value, and help clients grow more resilient over time. In a threat landscape where complexity is the adversary’s weapon, context is the MSP’s most powerful defense.


The post Context-Driven Security: Bridging the Gap Between Proactive and Reactive Defense. first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/DWrxsiU
via IFTTT

Amazon Nova Premier: Our most capable model for complex tasks and teacher for model distillation

Today we’re expanding the Amazon Nova family of foundation models announced at AWS re:Invent with the general availability of Amazon Nova Premier, our most capable model for complex tasks and teacher for model distillation.

Nova Premier joins the existing Amazon Nova understanding models available in Amazon Bedrock. Similar to Nova Lite and Pro, Premier can process input text, images, and videos (excluding audio). With its advanced capabilities, Nova Premier excels at complex tasks that require deep understanding of context, multistep planning, and precise execution across multiple tools and data sources. With a context length of one million tokens, Nova Premier can process extremely long documents or large code bases.

With Nova Premier and Amazon Bedrock Model Distillation, you can create highly capable, cost-effective, and low-latency versions of Nova Pro, Lite, and Micro, for your specific needs. For example, we used Nova Premier to distill Nova Pro for complex tool selection and API calling. The distilled Nova Pro had a 20% higher accuracy for API invocations compared to the base model and consistently matched the performance of the teacher, with the speed and cost benefits of Nova Pro.

Amazon Nova Premier benchmark evaluation
We evaluated Nova Premier on a broad range of benchmarks across text intelligence, visual intelligence, and agentic workflows. Nova Premier is the most capable model in the Nova family as measured across 17 benchmarks as shown in the table below.

Amazon Nova Premier Benchmark Evaluations

Nova Premier is also comparable to the best non-reasoning models in the industry and is equal or better on approximately half of these benchmarks when compared to other models in the same intelligence tier. Details of these evaluations are in the technical report.

Nova Premier is also the fastest and the most cost-effective model in Amazon Bedrock for its intelligence tier. For further details and comparison on pricing, please refer to the Bedrock pricing page.

Nova Premier can also be used as a teacher model for distillation, which means you can transfer its advanced capabilities for a specific use case into smaller, faster, and more efficient models like Nova Pro, Micro, and Lite for production deployments.

Using Amazon Nova Premier
To get started with Nova Premier, you first need to request access to the model in the Amazon Bedrock console. Navigate to Model access in the navigation pane, find Nova Premier, and toggle access.

Console screenshot.

Once you have access, you can use Nova Premier through the Amazon Bedrock Converse API, providing as input a list of messages from the user and the assistant. Messages can include text, images, and videos. Here’s an example of a straightforward invocation using the AWS SDK for Python (Boto3):

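import boto3

AWS_REGION = "us-east-1"
# Model ID as given in this post; access is via cross-Region inference
MODEL_ID = "us.amazon.nova-premier-v1:0"

# Runtime client for model invocations; credentials come from the default AWS credential chain
bedrock_runtime = boto3.client("bedrock-runtime", region_name=AWS_REGION)

# Conversation so far: a list of user/assistant messages, each made of content blocks
messages = [
    {
        "role": "user",
        "content": [
            {
                "text": "Explain the differences between vector databases and traditional relational databases for AI applications."
            }
        ]
    }
]

# Send the conversation to the model through the Converse API
response = bedrock_runtime.converse(
    modelId=MODEL_ID,
    messages=messages
)

# The reply text is in the last content block of the returned assistant message
response_text = response["output"]["message"]["content"][-1]["text"]

print(response_text)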

This example shows how Nova Premier can provide detailed explanations for complex technical questions. But the real power of Premier comes with its ability to handle sophisticated workflows.

Multi-agent collaboration use case
Let’s explore a more complex scenario that showcases how Nova Premier works in a multi-agent collaboration architecture for investment research.

The equity research process typically involves multiple stages: identifying relevant data sources for specific investments, retrieving required information from those sources, and synthesizing the data into actionable insights. This process becomes increasingly complex when dealing with different types of financial instruments like stock indices, individual equities, and currencies.

We can build this type of application using multi-agent collaboration in Amazon Bedrock, with Nova Premier powering the supervisor agent that orchestrates the entire workflow. The supervisor agent analyzes the initial query (for example, “What are the emerging trends in renewable energy investments?”), breaks it down into logical steps, determines which specialized subagents to engage, and synthesizes the final response.

For this scenario, I’ve created a system with the following components:

  1. A supervisor agent powered by Nova Premier
  2. Multiple specialized subagents powered by Nova Pro, each focusing on different financial data sources
  3. Tools that connect to financial databases, market analysis tools, and other relevant information sources

Multi-agent architectural diagram

When I submit a query about emerging trends in renewable energy investments, the supervisor agent powered by Nova Premier does the following:

  1. Analyzes the query to determine the underlying topics and sources to cover
  2. Selects the appropriate subagents specific to those topics and sources
  3. Each subagent retrieves their relevant economic indicators, technical analysis, and market sentiment data
  4. The supervisor agent synthesizes this information into a comprehensive report for review by a financial professional

Utilizing Nova Premier in a multi-agent collaboration architecture such as this streamlines the financial professional’s work and helps them formulate their investment analysis faster. The following video provides a visual description of this scenario.

The key advantage of using Nova Premier for the supervisor role is its accuracy in coordinating complex workflows, so that the right data sources are consulted in the optimal sequence and each subagent receives the correct information as input for its work, resulting in higher quality insights.

Multi-agent collaboration with model distillation
Although Nova Premier provides the highest level of accuracy of its family of models, you might want to optimize latency and cost in production environments. This is where the strength of Nova Premier as a teacher model for distillation becomes interesting. Using Amazon Bedrock Model Distillation, we can customize Nova Micro from the results of Nova Premier for this specific investment research use case.

Unlike traditional fine-tuning that requires human feedback and labeled examples, with model distillation you can generate high-quality training data by having a teacher model produce the desired outputs, streamlining the data acquisition process.

Amazon Bedrock Model Distillation diagram

The process to distill a model involves:

  1. Generating synthetic training data by capturing input and output from Nova Premier runs across multiple financial instruments
  2. Using this data as a reference to train a customized version of Nova Micro through custom fine-tuning tools
  3. Evaluating the difference in latency and performance of the customized Micro model
  4. Deploying the customized Micro model as the supervisor agent in production

With Amazon Bedrock, you can further streamline the process and use invocation logs for data preparation. To do that, you need to set the model invocation logging on and set up an Amazon Simple Storage Service (Amazon S3) bucket as the destination for the logs.

Customer voices
Some of our customers had early access to Nova Premier. This is what they shared with us:

“Amazon Nova Premier has been outstanding in its ability to execute interactive analysis workflows, while still being faster and nearly half the cost compared to other leading models in our tests,” said Curtis Allen, Senior Staff Engineer at Slack, a company bringing conversations, apps, and customers together in one place.

“Implementing new solutions built on top of Amazon Nova has helped us with our mission of democratizing finance for all,” said Dev Tagare, Head of AI and Data at Robinhood Markets, a company on a mission to democratize finance for all. “We’re particularly excited about the ability to explore new avenues like complex multi-agent collaborations that are not just highly performing but also cost effective and fast. The intelligence of Nova Premier and what it can transfer to the other models like Nova Micro, Nova Lite, and Nova Pro unlocks multi-agent collaboration at a performance, price, and speed that will make it accessible to everyday customers.”

“Accelerating real-world AI deployments—not just prototypes—requires the ability to build models that are specialized for the unique needs of real world applications,” said Henry Ehrenberg, co-founder of Snorkel AI, a technology company that empowers data scientists and developers to quickly turn data into accurate and adaptable AI applications. “We’re excited to see AWS pushing efficient model customization forward with Amazon Bedrock Model Distillation and Amazon Nova Premier. These new model capabilities have the potential to accelerate our enterprise customers in building production AI applications, including Q&A applications with multimodal data and more.”

Things to know

Nova Premier is available in Amazon Bedrock in the US East (N. Virginia), US East (Ohio), and US West (Oregon) AWS Regions today via cross-Region inference. With Amazon Bedrock, you only pay for what you use. For more information, visit Amazon Bedrock pricing.

Customers in the US can also access Amazon Nova models at https://nova.amazon.com, a website to easily explore our FMs.

Nova Premier is our best teacher for distilling custom variants of Nova Pro, Micro, and Lite, which means you can capture the capabilities offered by Premier in smaller, faster models for production deployment.

Nova Premier includes built-in safety controls to promote responsible AI use, with content moderation capabilities that help maintain appropriate outputs across a wide range of applications.

To get started with Nova Premier, visit the Amazon Bedrock console today. For more information, see the Amazon Nova User Guide and send feedback to AWS re:Post for Amazon Bedrock. Explore the generative AI section of our community.aws site to see how our Builder communities are using Amazon Bedrock in their solutions.

Danilo



from AWS News Blog https://ift.tt/zajKbXv
via IFTTT

North Korean operatives have infiltrated hundreds of Fortune 500 companies

SAN FRANCISCO — North Korean nationals have infiltrated the employee ranks at top global companies more so than previously thought, maintaining a pervasive and potentially widening threat against IT infrastructure and sensitive data.

“There are hundreds of Fortune 500 organizations that have hired these North Korean IT workers,” Mandiant Consulting CTO Charles Carmakal said Tuesday during a media briefing at the RSAC 2025 Conference. 

“Literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers,” Carmakal said. “Nearly every CISO that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one North Korean IT worker, if not a dozen or a few dozen.”

Google, which ranks eighth on the annual list of the top global companies by revenue, is caught up in this widespread threat, too. 

North Korean technical workers have been detected in Google’s talent pipeline as job candidates and applicants, but none have been hired by the company to date, said Iain Mulholland, senior director of security engineering at Google Cloud.

Threat hunters, insider risk management firms and security analysts continue to raise the alarm about North Korean nationals gaining employment at major corporations, highlighting the expansive ecosystem of tools, infrastructure and specialized talent North Korea’s regime has established for this effort.

The latest warnings and intel from Mandiant and Google constitute an escalation of this threat. Insider risk management firm DTEX recently told CyberScoop that 7% of its customer base, representing a fair cross-section of the Fortune 2000, have been infiltrated by North Korean operatives working as full-time employees with privileged access.

The risk of North Korean nationals working for any large organization has moved from being a possibility to an outright assumption. “If you’re not seeing this, it’s because you’re not detecting it, not because it’s not happening to you,” Mulholland said.

“The way that we’ve watched them put IT workers in Fortune 500 companies has been astounding,” said Sandra Joyce, VP of Google Threat Intelligence. 

For now, this group of specialized North Koreans mostly earn money for the jobs they do and send their salaries back to Pyongyang. 

Carmakal said he was baffled by this scheme a few years ago, because it appeared to be a relatively small amount of money in play. But the money earned by North Korea’s regime has accumulated over time and now has the potential to generate substantial revenue.

A thousand IT workers earning six-figure salaries that are funneled back to the North Korean government works out to $100 million a year, and many of these operatives are working multiple jobs at different organizations concurrently, Carmakal said. 

“Most of this activity is generally a fundraising activity,” said John Hultquist, chief analyst at Google Threat Intelligence Group.

Yet, as more North Korean operatives gain employment for technical roles, the potential threat their access to critical systems presents has grown in kind.

“When they start getting rooted out, it can sort of break bad on you and then start breaking things,” Hultquist said. “We’ve already seen evidence of them doing that, especially when their jobs are essentially threatened.”

Pressure is coming in the form of lost wages. Many enterprises are now aware of the threat posed by North Korean IT workers, and companies are detecting and removing them from systems more quickly.

Mandiant observed a change in activity about six months ago, as North Korea shifted tactics and started extorting companies to supplement the wages it lost from outed employees. 

These extortion scenarios, which represent “a very small percentage of cases,” took on a few forms, Carmakal said. Former employees have followed up with their supervisors, threatening to leak data they had access to during their time of employment if the company didn’t pay their signing bonus or the last month of their salary.

In other cases, new personas sent emails to victim organizations claiming to be a threat actor that had broken into their network and stolen data. 

“As we looked at that sample of data that they took, we were able to tie that back to an investigation that we ran six months prior, and learned that that was the exact data that a suspected North Korean IT worker had taken from the company as part of their employment,” Carmakal said. 

“The concern that we have is that there’s always the potential that at some point in time, these actors that have taken data as part of their employment may publish it on the internet,” Carmakal said. “We haven’t seen it happen yet, but that’s the fear that most of these organizations have today.”

Damage could potentially come in even more destabilizing forms, including outright disruption of critical services or infrastructure. 

Mandiant has seen North Korea’s Reconnaissance General Bureau, which has been linked to previous destructive and disruptive attacks, using the same IP addresses as North Korean IT workers, Hultquist said. 

“There’s various technical connections there, and so I think it’s a very real threat,” he said. “Any place they get, they’re essentially in-house. So they can easily hand it over to the intelligence services, if they’re not literally monitoring everything they did, which I think is very, very possible as well.”

The post North Korean operatives have infiltrated hundreds of Fortune 500 companies appeared first on CyberScoop.

from CyberScoop https://ift.tt/eXDNciJ
via IFTTT

Link11 brings three brands together on one platform with new branding

Frankfurt am Main, Germany, April 30th, 2025, CyberNewsWire

Link11 has fully integrated DOSarrest and Reblaze to become one of Europe’s leading providers of network security, web application security, and application performance

Link11, DOSarrest, and Reblaze have combined their strengths into a single, integrated platform with a new brand identity. The result: a consistent user experience, maximum efficiency, and seamless security. As a European provider, Link11 addresses the current business risks associated with geopolitical uncertainties and growing compliance requirements. At the same time, the company secures business-critical processes worldwide through the synergies created.

With the acquisitions of DOSarrest in 2021 and Reblaze Technologies in 2024, Link11 has expanded its market position. The new Link11 WAAP (Web Application and API Protection) SaaS platform combines comprehensive DDoS protection against web attacks with ML-based adaptive security and API protection. The result is an unmatched combination of adaptive real-time traffic filtering, AI-powered bot detection, and a next-gen web application firewall for secure and encrypted interactions in a single suite.

At the end of 2023, Link11 secured an investment of €26.5 million from Pride Capital Partners. This financing will support the company’s planned product developments and international go-to-market strategy.

Maximum security through proprietary, sovereign cloud infrastructure and artificial intelligence

Link11 is setting new standards in protection against DDoS attacks by using its own AI-based technology. The patented DDoS filter secures all traffic within the Link11 cloud – faster and more efficiently than conventional solutions. The advantages over competitors lie in users’ full control over scaling and intelligent real-time analysis of traffic, as well as continuous learning from attacks.

While other providers rely on third-party infrastructures such as AWS or Google, Link11 controls its own cloud infrastructure. This allows protection mechanisms to work in real time – without delays that can have critical consequences in a DDoS attack. As one of Europe’s leading IT security providers, Link11 enables platform-independent protection, even in multi-cloud environments.

Technological independence as a security factor

The solution is designed for workloads in any cloud environment. Link11’s network was developed specifically for modern cybersecurity requirements and sovereignty. It strengthens security at the network edge, accelerates global content delivery, and provides resilience and data sovereignty.

Jens-Philipp Jung, founder and CEO of Link11: “Cybersecurity today means resilience against threats and outages. European companies that set global standards in data protection should also insist on independence when it comes to their cyber resilience. Especially in times of geopolitical uncertainty, sovereign, powerful and trustworthy IT solutions are needed. With Link11, we are demonstrating what European cutting-edge technology can achieve: maximum resilience, top performance and uncompromising compliance – independently and confidently”.

European companies should rely on an EU-based DDoS protection provider

Recent surveys of cybersecurity managers show that, given the option, independent and trustworthy security solutions from Europe will be used more in the future. Link11 has been successfully providing its services to companies such as financial institutions, media companies, retail and logistics companies, and the public sector for many years. With a strong brand and a multi-layered security approach, Link11 helps its customers reduce their dependence on cybersecurity. The goal is to make security architectures more resilient – technologically, functionally, and geopolitically. 

Video: Link11 – Always at your side (https://www.youtube.com/watch?v=-JFNuqu_zEQ)

About Link11

Link11 is a specialized European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications and avoid business interruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. With ISO 27001 certification, it meets the highest standards in data security.  

Contact

Lisa Froehlich
Link11 GmbH
l.froehlich@link11.com

The post Link11 brings three brands together on one platform with new branding first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/bGsxMJE
via IFTTT

Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud

As businesses continue to embrace digital transformation, hybrid cloud environments—comprising a combination of on-premises infrastructure and public/private cloud resources—have become increasingly popular. The flexibility, scalability, and cost-efficiency offered by the cloud are undeniable, but they also introduce a unique set of security challenges that organizations must navigate.

While hybrid environments enable businesses to leverage the best of both worlds, they come with an added complexity that requires a more sophisticated approach to cloud security. In this article, we’ll explore the most common security challenges observed in hybrid cloud environments and how organizations can mitigate these risks.

1. Complex Visibility and Control

One of the foremost challenges in hybrid cloud environments is maintaining comprehensive visibility and control over both on-premises and cloud-based systems. With workloads and data dispersed across various platforms—private data centers, public cloud providers (like AWS, Microsoft Azure, or Google Cloud), and possibly even multiple clouds—ensuring complete monitoring and governance can be an arduous task.

Why it’s a challenge:

•    The use of different cloud providers introduces varying tools, security standards, and governance protocols, making it difficult to implement a uniform security policy across all environments.

•    Traditional security tools and frameworks designed for on-premises systems often struggle to adapt to the elastic nature of cloud-based services, leading to potential gaps in visibility.

Mitigation strategies:

•    Adopt a centralized cloud security platform that integrates multiple cloud environments and on-premises systems.

•    Use cloud-native security tools from providers that offer unified management interfaces, such as AWS Security Hub or Azure Security Center, to get a consolidated view of security alerts, configurations, and monitoring.

2. Data Security and Compliance Concerns

Data is often considered the lifeblood of organizations, and hybrid cloud environments create significant concerns about data security, privacy, and compliance. Storing sensitive information both on-premises and in the cloud increases the attack surface, making it harder to enforce consistent protection across all data assets.

Why it’s a challenge:

•    Ensuring data is encrypted both in transit and at rest is a constant challenge in hybrid environments, where different security controls may apply depending on where the data resides.

•    Regulatory requirements such as GDPR, HIPAA, and PCI-DSS can become more difficult to comply with when data is spread across various systems, potentially across different geographic regions.

Mitigation strategies:

•    Implement end-to-end encryption for data, regardless of whether it’s stored on-premises or in the cloud.

•    Leverage cloud services that provide built-in compliance certifications and features, such as data residency controls and audit logging.

•    Use Data Loss Prevention (DLP) tools to monitor, detect, and prevent unauthorized access to sensitive data.

3. Identity and Access Management (IAM)

Effective identity and access management is critical for protecting resources in any IT environment, but in hybrid environments, it becomes especially complex. In a hybrid model, employees, contractors, and services may access both on-premises systems and cloud services, requiring tight coordination between multiple IAM systems.

Why it’s a challenge:

•    Managing multiple identity providers (e.g., Active Directory, cloud IAM) increases the risk of inconsistent policies, which can lead to unauthorized access or privilege escalation.

•    The complexity of federating identities between on-premises and cloud systems without proper synchronization can create gaps in security.

Mitigation strategies:

•    Implement a unified identity and access management solution that can manage both on-premises and cloud-based access controls from a single interface.

•    Use tools such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to strengthen authentication and ensure only authorized users can access critical systems and data.

•    Regularly audit and review access permissions to ensure that employees have the minimum necessary privileges, especially in cloud-based systems.

4. Insecure APIs and Integrations

In hybrid cloud environments, APIs play a central role in enabling communication between on-premises systems and cloud services. However, unsecured or poorly managed APIs can be a significant vulnerability, as they are often targeted by attackers to exploit weaknesses in the system.

Why it’s a challenge:

•    The sheer number of APIs used to connect disparate cloud and on-premises systems makes it difficult to track and secure them all.

•    If APIs are not properly secured, they can serve as entry points for attackers to exploit vulnerabilities in applications or data.

Mitigation strategies:

•    Implement secure API gateways that can monitor, authenticate, and control access to APIs.

•    Regularly perform vulnerability assessments and penetration testing on APIs to identify and fix weaknesses before they can be exploited.

•    Enforce API security best practices, such as using HTTPS, OAuth, and API rate limiting, to reduce the likelihood of exploitation.

5. Security Misconfigurations

Misconfigurations are one of the leading causes of security breaches in the cloud. Given the dynamic nature of hybrid environments, where systems are constantly being provisioned and decommissioned, ensuring that every cloud resource is configured securely can be a difficult task.

Why it’s a challenge:

•    Cloud providers offer a vast array of configurations, each with its own set of options and security implications, which can easily be misconfigured, leaving systems vulnerable.

•    Overly permissive default settings or insufficiently restrictive access policies can inadvertently expose sensitive resources to unauthorized users.

Mitigation strategies:

•    Leverage automated security configuration management tools (e.g., Terraform, AWS Config, or Azure Policy) to enforce compliance and prevent misconfigurations.

•    Adopt a “least privilege” access model to minimize unnecessary permissions and ensure that only the necessary users and services can access cloud resources.

•    Conduct regular configuration audits and vulnerability scans to identify and rectify any misconfigurations before they can lead to a breach.
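A configuration audit of the kind recommended above can start with two checks: access policies that grant more than least privilege, and network rules that expose sensitive ports to every address. This is an added example, not code from the article or from AWS Config; it assumes policies in the AWS IAM JSON policy layout, and the policy names, ARNs, rule fields and port list are constructed.

```python
# Constructed samples; policy layout follows the AWS IAM JSON policy grammar.
import ipaddress

SENSITIVE_PORTS = {22, 3389, 3306, 5432}  # assumption: SSH, RDP, MySQL, PostgreSQL
POLICIES = {
    "ci-deploy": {"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
    "report-reader": {"Statement": {  # a lone statement may be a bare object
        "Effect": "Allow", "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-reports/*"}},
    "shared-bucket": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-shared/*"}]},
}
INGRESS = [
    {"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"cidr": "0.0.0.0/0", "from_port": 0, "to_port": 65535},
    {"cidr": "10.0.0.0/8", "from_port": 22, "to_port": 22},
    {"cidr": "::/0", "from_port": 3389, "to_port": 3389},
]

def as_list(value):  # IAM accepts a single value or a list in most positions
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(name, policy):
    """Return findings for Allow statements that break least privilege."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"{name}[{i}]: Allow+NotAction grants all other actions")
        wild = any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action")))
        if wild and "*" in as_list(stmt.get("Resource")):
            findings.append(f"{name}[{i}]: wildcard action on all resources")
        who = stmt.get("Principal")
        who = as_list(who.get("AWS") if isinstance(who, dict) else who)
        if "*" in who and not stmt.get("Condition"):
            findings.append(f"{name}[{i}]: any principal allowed, no Condition")
    return findings

def audit_ingress(name, rules):  # flag sensitive ports exposed to every address
    findings = []
    for rule in rules:
        ports = sorted(p for p in SENSITIVE_PORTS
                       if rule["from_port"] <= p <= rule["to_port"])
        if ports and ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
            findings.append(f"{name}: ports {ports} open to {rule['cidr']}")
    return findings

def audit_all():
    found = [f for n, p in POLICIES.items() for f in audit_policy(n, p)]
    return found + audit_ingress("sg-web", INGRESS)

if __name__ == "__main__":
    print("\n".join(audit_all()))
```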

6. Lack of Skilled Security Professionals

Hybrid environments often require a highly specialized set of skills, especially when it comes to managing the security of both on-premises and cloud systems. The rapid adoption of cloud technologies has created a significant demand for skilled professionals who can manage hybrid environments securely, but the cybersecurity talent pool remains limited.

Why it’s a challenge:

•    As hybrid environments become more complex, organizations face difficulties in hiring and retaining cybersecurity professionals with expertise in both on-premises infrastructure and cloud platforms.

•    The growing volume of security alerts, complex threat landscapes, and continuous patch management require expertise that many in-house teams may lack.

Mitigation strategies:

•    Invest in training and upskilling your IT and security staff to bridge the knowledge gap between on-premises and cloud security best practices.

•    Consider leveraging managed security service providers (MSSPs) to augment your internal security team, providing expertise in hybrid cloud security without the need for additional full-time hires.

•    Adopt a shared responsibility model with cloud providers to understand what aspects of security are managed by the provider and what falls under your organization’s responsibility.

7. Insider Threats

In hybrid environments, where employees may access both on-premises and cloud resources from various locations and devices, insider threats—whether malicious or accidental—become a major security concern. Employees, contractors, or third-party vendors with privileged access can cause significant damage, whether intentionally or by error.

Why it’s a challenge:

•    Hybrid cloud environments often lack a consistent approach to monitoring and controlling insider access, particularly as users work across multiple environments.

•    The rise of remote work and Bring Your Own Device (BYOD) policies adds additional layers of complexity, increasing the chances of unintentional data exposure.

Mitigation strategies:

•    Implement strict access controls, including Zero Trust principles, where every request for access is continuously verified, regardless of the user’s location or device.

•    Deploy user and entity behavior analytics (UEBA) to detect anomalous activities that could indicate insider threats.

•    Regularly educate employees on the risks of insider threats, data handling policies, and how to identify and report suspicious activities.

Conclusion

While hybrid cloud environments offer significant advantages in terms of flexibility and scalability, they also introduce a unique set of security challenges that organizations must address to maintain a robust cybersecurity posture. From complex visibility and control issues to the risks associated with data security, APIs, and insider threats, organizations must adopt a proactive and multi-layered approach to cloud security.

By implementing best practices such as unified IAM systems, automated configuration management, secure APIs, and constant monitoring, businesses can mitigate the risks associated with hybrid cloud environments. As the hybrid cloud model continues to grow in popularity, staying ahead of these security challenges will be critical to maintaining the trust of customers, partners, and regulatory bodies alike.

The post Cloud Security Challenges in Hybrid Environments: Navigating the Complexities of the Cloud first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/ZX5x9hR
via IFTTT

Announcing second-generation AWS Outposts racks with breakthrough performance and scalability on-premises

Today we’re announcing the general availability of second-generation AWS Outposts racks, which marks the latest innovation from AWS for edge computing. This new generation includes support for the latest x86-powered Amazon Elastic Compute Cloud (Amazon EC2) instances, new simplified network scaling and configuration, and accelerated networking instances designed specifically for ultra-low latency and high-throughput workloads. These enhancements deliver greater performance for a broad range of on-premises workloads, such as core trading systems of financial services and telecom 5G Core workloads.


Customers like athenahealth, FanDuel, First Abu Dhabi Bank, Mercado Libre, Liberty Latin America, Riot Games, Vector Limited, and Wiwynn are already using Outposts racks for workloads that need to stay on-premises. The second-generation Outposts rack can meet low-latency, local data processing, or data residency needs for workloads such as game servers for multi-player online games, customer transaction data, medical records, industrial and manufacturing control systems, telecom Business Support Systems (BSS), and edge inference of a variety of machine learning (ML) models. Customers can now take advantage of the latest generation of processors and more advanced configurations of Outposts racks to support faster processing, higher memory capacity, and increased network bandwidth.

Latest generation EC2 instances

We’re excited to announce local support for the latest generation (7th generation) of x86-powered Amazon EC2 instances on AWS Outposts racks, starting with C7i compute-optimized instances, M7i general-purpose instances, and R7i memory-optimized instances. These new instances deliver twice the vCPU, memory, and network bandwidth while providing up to 40% better performance compared to C5, M5, and R5 instances on previous generation Outposts racks. They are powered by 4th Gen Intel Xeon Scalable processors and are ideal for a broad range of on-premises workloads requiring enhanced performance such as larger databases, more memory-intensive applications, advanced real-time big data analytics, high-performance video encoding and streaming, and CPU-based edge inference with more sophisticated ML models. Support for more latest generation EC2 instances, including GPU-enabled instances, is coming soon.

Simplified network scaling and configuration

We’ve completely reimagined networking in our latest Outposts generation, making it simpler and more scalable than ever. At the heart of this upgrade is our new Outposts network rack, which acts as a central hub for all your compute and storage traffic.

This new design brings three major benefits to the table. First, you can now scale your compute resources independently from your networking infrastructure, giving you more flexibility and cost efficiency as your workloads grow. Second, we’ve built in network resilience from the ground up, with the network rack automatically handling device failures to keep your systems running smoothly. Third, connecting to your on-premises environment and AWS Regions is now a breeze – you can configure everything from IP addresses to VLAN and BGP settings through straightforward APIs or our updated console interface.


Specialized Amazon EC2 instances with accelerated networking

We’re introducing a new category of specialized Amazon EC2 instances on Outposts racks with accelerated networking. These instances are purpose built for the most latency-sensitive, compute-intensive, and throughput-intensive mission-critical workloads on-premises. To deliver the best possible performance, in addition to the Outpost logical network, these instances feature a secondary physical network with network accelerator cards connected to top-of-rack (TOR) switches.

First in this category are bmn-sf2e instances, designed for ultra-low latency with deterministic performance. The new instances run on Intel’s latest Sapphire Rapids processors (4th Gen Xeon Scalable), delivering 3.9 GHz sustained performance across all cores with generous memory allocation – 8GB of RAM for every CPU core. We’ve equipped bmn-sf2e instances with AMD Solarflare X2522 network cards that connect directly to top-of-rack switches.

For financial services customers, especially capital market firms, these instances offer deterministic networking through native Layer 2 (L2) multicast, precision time protocol (PTP), and equal cable lengths. This enables customers to meet regulatory requirements around fair trading and equal access while easily connecting to their existing trading infrastructure.

| Instance Name | vCPUs | Memory (DDR5) | Network Bandwidth | NVMe SSD Storage | Accelerated Network Cards | Accelerated Bandwidth (Gbps) |
|---|---|---|---|---|---|---|
| bmn-sf2e.metal-16xl | 64 | 512 GiB | 25 Gbps | 2 x 8 TB (16 TB) | 2 | 100 |
| bmn-sf2e.metal-32xl | 128 | 1024 GiB | 50 Gbps | 4 x 8 TB (32 TB) | 4 | 200 |

The second instance type, bmn-cx2, is optimized for high throughput and low latency. This instance features NVIDIA ConnectX-7 400G NICs physically connected to high-speed top-of-rack switches, delivering up to 800 Gbps bare metal network bandwidth operating at near line rate. With native Layer 2 (L2) multicast and hardware PTP support, this instance is ideal for high-throughput workloads like real-time market data distribution, risk analytics, and telecom 5G core network applications.

| Instance Name | vCPUs | Memory (DDR5) | Network Bandwidth | NVMe SSD Storage | Accelerated Network Cards | Accelerated Bandwidth (Gbps) |
|---|---|---|---|---|---|---|
| bmn-cx2.metal-48xl | 192 | 1536 GiB | 50 Gbps | 4 x 4 TB (16 TB) | 2 | 800 |

Bottom line, the new generation of Outposts racks delivers enhanced performance, scalability, and resiliency for a broad range of on-premises workloads, even for mission-critical workloads with the most stringent latency and throughput requirements. You can make your selection and initiate your order from the AWS Management Console. The new instances maintain consistency with regional deployments by supporting the same APIs, AWS Management Console, automation, governance policies, and security controls in the cloud and on-premises, improving developer productivity and IT efficiency.

Things to know

At launch, second-generation Outposts racks can be shipped to the US and Canada and be parented back to 6 AWS Regions including US East (N. Virginia and Ohio), US West (Oregon), EU West (London and France) and Asia Pacific (Singapore). Support for more countries and territories and AWS Regions is coming soon. At launch, second-generation Outposts racks locally support a subset of AWS services found in previous generation Outposts racks. Support for more EC2 instance types and more AWS services is coming soon.

To learn more, visit the AWS Outposts racks product page and user guide. You can also talk to an Outposts expert if you are ready to discuss your on-premises needs.

— Micah;



from AWS News Blog https://ift.tt/MAUdfjG
via IFTTT

Akira Ransomware attack on Hitachi Vantara Servers

Hitachi Vantara, the global technology powerhouse and a subsidiary of Japan-based Hitachi, was targeted by the notorious Akira Ransomware gang last weekend, forcing the company to take drastic measures. In a bid to contain the spread of the malware, Hitachi Vantara was compelled to take several of its servers offline. This cyberattack has prompted the company to engage with cybersecurity experts, who will assist in navigating the complexities of the incident and guide the IT team in recovery efforts.

According to a statement released by the company, the cyberattack began on April 26, 2025, when its servers were compromised by file-encrypting malware. This attack, which disrupted operations to some degree, highlights the growing sophistication of modern cyber threats and underscores the vulnerabilities even the most secure companies face in today’s digital landscape.

About Hitachi Vantara’s Business and Clientele

For context, Hitachi Vantara operates in several critical sectors, providing cutting-edge storage appliances, cloud solutions, and specialized ransomware recovery services. Its client portfolio spans high-profile public and private entities, including global names such as BMW, Telefonica, and T-Mobile. The company’s broad customer base makes it a significant target for cybercriminals, demonstrating the scale and potential impact of such breaches.

Despite its proactive cybersecurity measures, including rigorous defenses designed to protect sensitive data and infrastructure, Hitachi Vantara fell victim to the Akira ransomware group. This breach not only demonstrates the resilience of cybercriminals but also highlights their ability to bypass even the most robust security protocols, giving a glimpse into the increasingly sophisticated tactics employed by these hackers.

The Akira Ransomware Gang: A Growing Threat

The Akira ransomware group has been active in the cybercrime landscape since 2023. Since then, the gang has reportedly targeted nearly 300 organizations worldwide, with their attacks causing significant financial and operational disruptions. According to a recent analysis by the FBI, Akira’s operations have proven to be highly lucrative. In 2024 alone, the gang is believed to have collected over $42 million in ransom payments from victims, further demonstrating the high stakes and financial motivations behind such cyberattacks.

Akira’s modus operandi typically involves encrypting a victim’s data, rendering it inaccessible unless a ransom is paid. In some cases, they also threaten to release sensitive information to the public if the demands are not met. This two-pronged approach—disrupting operations and leveraging fear of data leaks—has made Akira and similar groups a growing concern for organizations across industries.

Ransomware’s Increasing Threat to All Businesses

This latest attack serves as a stark reminder that no business, regardless of its size or the precautions it takes, is entirely immune to the growing threat of ransomware. As cybercriminals become more organized and sophisticated, even the most diligent companies face increasing risks. Experts continue to stress the importance of comprehensive cybersecurity strategies that include multi-layered defenses, continuous monitoring, and prompt response plans to mitigate the impact of any potential breach.

Call to Action: Reporting Cyber Incidents and Avoiding Ransom Payments

In the wake of such incidents, authorities urge businesses to take immediate action if they fall victim to a cyberattack. It is strongly advised that organizations report these attacks to law enforcement agencies within 48 hours. This not only helps in tracking the cybercriminals but also contributes to broader efforts to prevent further crimes.

Furthermore, experts continue to advise against paying ransoms. Although paying the ransom may seem like a quick fix to restore access to encrypted files, it is often ineffective. There is no guarantee that the hackers will provide the decryption keys or honor their promises. Worse, paying ransoms encourages further criminal activity, making businesses more likely to become future targets.

Looking Ahead: Enhancing Cybersecurity Defenses

As the digital threat landscape continues to evolve, businesses of all sizes must stay ahead of the curve by adopting a proactive cybersecurity stance. This includes investing in advanced threat detection technologies, educating employees about phishing and other common attack vectors, and regularly testing incident response plans. By strengthening defenses and fostering a culture of cybersecurity awareness, companies can better shield themselves from the ever-present risk of cybercrime.

 

The post Akira Ransomware attack on Hitachi Vantara Servers first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/bu3JgPk
via IFTTT