As we continue into 2025, the CyberSift team remains focused on refining and expanding our cybersecurity solutions to provide even greater protection, visibility, and usability for our clients. This month, we've introduced significant improvements in vulnerability scanning, log management, and reporting capabilities, further enhancing our platform's ability to detect and respond to security threats efficiently. These updates reflect our ongoing commitment to keeping organisations secure against an ever-evolving cyber threat landscape.
TUTELA Updates:
Improved Handling of Linux Kernel Packages: Installed but inactive kernel packages, and the vulnerabilities reported against them, are now automatically filtered out, reducing unnecessary alerts and ensuring more accurate vulnerability assessments.
OSV Database Integration for Linux Vulnerabilities: Tutela now integrates with the OSV (Open Source Vulnerabilities) Database, enhancing detection and mitigation of vulnerabilities in open-source Linux environments.
AlmaLinux OS Vulnerability Scanning: Added support for AlmaLinux OS, ensuring comprehensive vulnerability scanning and compliance for enterprises using this Red Hat Enterprise Linux (RHEL) alternative.
Bug Fix for OpenJDK Vulnerability Detection: Addressed an issue where some OpenJDK vulnerabilities were not being detected properly, ensuring a more accurate security assessment for Java-based applications.
SIEM Updates:
New Windows Detection Check: Suspicious Unicode Characters
Added detection for Unicode-based obfuscation techniques, a method often used by attackers to evade security solutions.
Reference article: Bypassing EDR as a Standard User
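As an added illustration of the kind of check this detection performs (example code written for this post, not CyberSift's own rule logic), the script below flags Unicode characters that hide or disguise content in a process command line: invisible code points, bidirectional control characters, and non-ASCII characters that NFKC-normalise to an ASCII look-alike. The sample log lines are constructed.

```python
import unicodedata

# Invisible code points that have no legitimate place in a command line or
# file name and are used to break naive string matching.
INVISIBLE = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x00AD, 0x034F}
# Bidirectional overrides/isolates (e.g. U+202E) reorder what an analyst sees.
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))


def suspicious_unicode(text):
    """Return a list of (offset, codepoint, reason) findings for `text`."""
    findings = []
    for i, ch in enumerate(text):
        cp = ord(ch)
        if cp in INVISIBLE:
            findings.append((i, cp, "invisible"))
        elif cp in BIDI_CONTROLS:
            findings.append((i, cp, "bidi-control"))
        elif cp > 0x7F:
            # Fullwidth or otherwise "compatibility" letters fold to plain
            # ASCII under NFKC; ordinary accented letters (é, ü) do not.
            folded = unicodedata.normalize("NFKC", ch)
            if folded != ch and folded.isascii():
                findings.append((i, cp, "ascii-lookalike"))
            elif unicodedata.category(ch) in ("Cf", "Cc", "Co", "Cn"):
                findings.append((i, cp, "format/control"))
    return findings


def scan_log(lines):
    """Return {line_index: findings} for every line with at least one hit."""
    return {n: f for n, line in enumerate(lines) if (f := suspicious_unicode(line))}


# Constructed sample records in the style of a process-creation event.
SAMPLE_LINES = [
    'EventID=4688 CommandLine="powershell.exe -enc <base64>"',          # clean
    'EventID=4688 CommandLine="p\u200bowershell.exe -nop -w hidden"',   # zero-width space
    'EventID=4688 CommandLine="\uff50owershell.exe -w hidden"',         # fullwidth "p"
    'EventID=4688 CommandLine="invoice\u202eexe.pdf"',                  # right-to-left override
    'EventID=4688 CommandLine="notepad.exe résumé.txt"',                # accented, benign
]

if __name__ == "__main__":
    for n, findings in scan_log(SAMPLE_LINES).items():
        for offset, cp, reason in findings:
            print(f"line {n}: U+{cp:04X} ({unicodedata.name(chr(cp), '?')}) "
                  f"at offset {offset}: {reason}")
```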
Improved Azure & Office 365 Log Handling
Better translation of Azure App IDs into user-friendly names, making it easier to identify activity in logs.
Enhanced deduplication of Azure logs, reducing redundant entries for a cleaner and more efficient log analysis.
Enhanced Firewall Log Handling
Cisco Firepower: Improved handling of “blocked” traffic messages, ensuring better visibility into firewall actions.
SonicWall Firewall Management: Enhanced detection of key administrative actions, such as:
Rule changes
Admin logins
Network object modifications
New NiFi Processor: CheckWebsiteCS for PCI v4 Compliance
Introduced a new processor to help organizations meet PCI DSS v4 Requirement 11.6.1, which mandates website integrity monitoring.
Knowledgebase article: Website Integrity Checks
Introducing the New Reporting Module: Empower your team with customizable, drag-and-drop reporting capabilities, providing greater flexibility and visibility into security data. Key features include:
Build reports using visualizations, saved search components, tables, graphs, and text.
Use existing SOC-created visualizations or create your own.
Schedule reports via cron expressions and automate email distribution.
Generate reports on demand or schedule them for consistent insights.
Reports are downloaded as .doc files, making it easier to share security insights across teams without needing technical expertise.
This new reporting module significantly enhances the ability to generate meaningful insights from security data, ensuring compliance and operational efficiency.