
CYBERSIFT Change.log 04.24


Cybersift updates: Change.log April 2024


The CyberSift team has made some significant updates to our main solutions this spring, aiming to strengthen our security measures and drive innovation so that we stay more vigilant in cyberspace.


Our April update not only bolsters security but also advances our innovative processes, ensuring that we stay at the forefront of cybersecurity developments.


Here's our April Update:


SIEM Updates:


Syslog Parser Update: Enabled support for Checkpoint Harmony Portal syslog ingestion, expanding compatibility and data sources. Enhanced the CyberSift parser so that it can ingest SWIFT SIL files via Filebeat, broadening data intake options and improving versatility.


SWIFT SIL logs are typically collected via Filebeat. A sample filebeat.yml configuration is presented below:


NB: Indentation in YAML files such as the one below is significant. Please ensure your indentation matches what is presented below:

filebeat.inputs:
- type: filestream
  id: collector-1
  ignore_older: 168h
  close_inactive: 5m
  # One "paths" list per input. Repeating the "paths" key inside the same
  # input is a duplicate YAML key: depending on the loader it is rejected or
  # only the last entry survives, so the other log files would not be read.
  paths:
    - C:\swift\sil\log\sil.log
    - C:\swift\sil\log\sil-tools.log
    - C:\swift\sil\log\patch.log

- type: filestream
  id: collector-2
  ignore_older: 168h
  close_inactive: 5m
  paths:
    - C:\swift\sil\eventlog\sil-event-journal.json
  # The event journal is pretty-printed JSON: every line that does not start
  # with "{" is appended to the event opened by the previous "{" line.
  parsers:
    - multiline:
        pattern: '^{'
        negate: true
        match: after

# ============================== Max CPUs ==============================

max_procs: 2

# ============================== Filebeat modules ==============================

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1

# ================================== Outputs ===================================

output:
  redis:
    enabled: true
    codec.json:
      pretty: false
    hosts: ["IP.ADDRESS.HERE:6377"]
    key: cybersift_events_swift

processors:
- add_fields:
    fields:
      csIndex: swift
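
As an added illustration (not part of CyberSift's parser or of the configuration above), the following Python reproduces how the multiline parser configured for sil-event-journal.json groups pretty-printed JSON lines into single events. The sample journal is constructed for the example and the helper names are assumptions, not Filebeat APIs.

```python
import json
import re


def group_multiline(lines, pattern, negate=False, match="after"):
    """Group lines into events the way Filebeat's multiline parser does.

    A line is a continuation when it matches pattern (or, with negate=True,
    when it does NOT match). match="after" appends continuations to the event
    opened by the previous non-continuation line; match="before" prepends
    them to the next non-continuation line.
    """
    if match not in ("after", "before"):
        raise ValueError("match must be 'after' or 'before'")
    regex = re.compile(pattern)
    events, buffer = [], []
    for line in lines:
        is_continuation = (regex.search(line) is not None) != negate
        if match == "after":
            if is_continuation and buffer:
                buffer.append(line)
            else:
                if buffer:
                    events.append("\n".join(buffer))
                buffer = [line]
        else:
            buffer.append(line)
            if not is_continuation:
                events.append("\n".join(buffer))
                buffer = []
    if buffer:  # flush the last event
        events.append("\n".join(buffer))
    return events


def parse_sil_event_journal(text):
    """Use the settings from the config above (pattern '^{', negate: true,
    match: after), then decode each grouped event as JSON."""
    raw = group_multiline(text.splitlines(), r"^{", negate=True, match="after")
    return [json.loads(event) for event in raw]


# Constructed sample of a pretty-printed event journal (not real SWIFT output).
SAMPLE_JOURNAL = """{
  "timestamp": "2024-04-02T10:15:00Z",
  "level": "INFO",
  "message": "Session started"
}
{
  "timestamp": "2024-04-02T10:16:30Z",
  "level": "WARN",
  "message": "Retrying delivery",
  "attempt": 2
}
"""
```

Without the multiline parser each of these lines would be shipped as a separate event, and none of them would be valid JSON on its own.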
        


Updated network ML algorithms

UI Enhancement: "Discover" Module Update: Revamped the "Discover" user interface to incorporate a comprehensive "Top Terms" inspection feature for any designated field. Diverging from the conventional "Top 5" visualization inherent in OpenSearch's default settings, this upgraded visual:

- Eliminates the constraint of showcasing only the top 5 terms.

- Overcomes the limitation of considering solely the first 500 documents; instead, it encompasses all documents within the selected time frame for analysis.

The new feature can be seen on the top left in the screencast below.

UI Enhancement: "Discover" Module Update

TUTELA Updates:


NEW FEATURE: Cloud Provider Integration

With this new feature, TUTELA gains the following functionality:

1. Cloud Environment Overview: access a list of the servers in your cloud environment, together with their IP addresses and an indication of whether the Tutela Agent is installed on each of them.

2. CIS Benchmark Compliance Check: verify adherence to the industry-standard best practices outlined by the CIS Benchmarks across your cloud infrastructure.

3. Multi-Cloud Support: both Azure and AWS environments are supported.




 


Cybersift DORA Tracker

Are you DORA ready?


We are eager to introduce the CyberSift DORA Tracker, an assessment tool conceived internally by our CTO, David Vassallo, with the aim of helping businesses navigate the path to DORA compliance. It gives a clear picture of DORA's requirements, enabling businesses to map their solutions to the core requisites outlined in the act.

The CyberSift DORA Tracker provides financial institutions with:

  • Guidance on all 45 articles and 100+ sub-articles of DORA

  • A mapping of DORA requirements to the ISO 27001:2022 framework

  • A simplified process with clear insights

  • A downloadable DORA spreadsheet to monitor your compliance progress

The financial services industry has historically been a prime target for threat actors and is subject to stringent regulatory scrutiny. To meet these challenges, the Digital Operational Resilience Act (DORA) introduces additional compliance requirements for European financial organizations.

 

CyberSift offers a variety of solutions and services to help you meet these requirements and remain compliant with DORA; they are all described in the whitepaper below.



Dora White Paper (PDF, 15.97MB)


 

April 2024, top Cybersecurity news from around the globe:

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
  • The U.S. Cyber Safety Review Board (CSRB) criticized Microsoft for security failures in the Storm-0558 attack, a breach by China-based hackers.

  • The CSRB found that the intrusion was preventable and became successful due to a "cascade of Microsoft's avoidable errors."

  • The attack resulted in the exfiltration of as many as 60,000 unclassified emails from Outlook accounts.


New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
  • A new vulnerability in the HTTP/2 protocol, called HTTP/2 CONTINUATION Flood, has been discovered by security researcher Bartek Nowotarski.

  • The vulnerability allows attackers to conduct denial-of-service (DoS) attacks by exploiting the CONTINUATION frame in HTTP/2.

  • The attack works by sending a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash.

  • The vulnerability impacts several projects, including amphp/http, Apache HTTP Server, Apache Tomcat, Apache Traffic Server, Envoy proxy, Golang, h2 Rust crate, nghttp2, Node.js, and Tempesta FW.

  • Users are recommended to upgrade affected software to the latest version to mitigate potential threats.

  • In the absence of a fix, it's advised to consider temporarily disabling HTTP/2 on the server.

UK Organizations Lack Cybersecurity Resilience: Only 2% Adequately Prepared
  • The most common cyber threats are relatively unsophisticated, and government guidance advises businesses and charities to protect themselves using a set of "cyber hygiene" measures.

  • Cybersecurity risks are a top concern for organizations, and investment in cyber security controls, training, and incident response can have a meaningful impact on their cyber resilience in the long term.


 

cybersecurity webinar featuring GO plc

Cyber Webinar Series - Final Episode out Now!

Our hosts David Vassallo & Elaine Fenech explore the pivotal role of cybersecurity in the contemporary business landscape.


🔒 Dive into the world of cybersecurity grants for SMEs in Malta with Episode 6 of our CyberSift and GO Business Cybersecurity Webinar Series! Join us as we uncover the various grant schemes designed to enhance cybersecurity posture, with a special focus on the CyberAlt+ scheme.


In this episode, we'll be joined by Andrea Camillieri, Manager (Project Support) at Servizzi Ewropej f'Malta, who will walk us through the online application process. Gain valuable insights into how accessible and straightforward it is for applicants to apply for these grants.




