
Cyber Resilience Innovations

Rubrik has announced new capabilities in its cyber resilience offerings across cloud, SaaS, and hypervisors, including Oracle Cloud Infrastructure, Red Hat OpenShift, and more. Its new Identity Recovery for Active Directory and Entra ID addresses a key vulnerability in business operational recovery.

The innovations aim to provide customers with even more ability to anticipate breaches, detect potential threats, and recover with speed and efficiency no matter where their data lives. 

Here is a list of new products.

Cloud Posture Risk Management (CPR): CPR addresses the lack of data visibility by automatically discovering and inventorying cloud data assets and identifying unprotected or sensitive data. CPR helps organizations make informed backup decisions and strengthen their overall backup posture by protecting only what truly matters, reducing risk and unnecessary costs.

Oracle Cloud Protection: Rubrik Security Cloud (RSC) is planned to support data protection for Oracle Cloud Infrastructure (OCI), beginning with Oracle Cloud VMware (OCVS) workloads and self-managed Oracle DB workloads running on OCI VMs. The solution is designed to enable customers to safeguard their cloud-based environments with the same robust, unified backup and recovery capabilities they rely on for other cloud and on-premises data.

Expanding Data Protection to PostgreSQL: Rubrik recognizes the critical importance of fortifying data defenses across all platforms. According to a recent Rubrik Zero Labs report, attackers are targeting backups in 96% of cyberattacks. By extending coverage to PostgreSQL, Rubrik ensures that one of the world’s most popular open-source databases thrives in the face of evolving digital threats. The comprehensive data security solution provides organizations with the assurance of maintaining data backup, availability, and recoverability.

Red Hat OpenShift Virtualization Data Protection: Sixty percent of enterprises have adopted Kubernetes, emphasizing the critical need for cyber resilience solutions for their critical workloads. Rubrik’s new OpenShift support marks a significant step in securing these environments with comprehensive, automated, and immutable backups that deliver fast recovery from cyber incidents. Businesses have the flexibility to choose virtualization platforms for critical business processes without compromising manageability or cyber resilience.

Azure DevOps and GitHub Backup: For organizations using continuous integration and continuous development to accelerate innovation, Rubrik now protects Azure DevOps and GitHub with cyber resilient automated backups, granular recovery, extended retention, and robust compliance coverage for critical data stores.

Rubrik Cloud Vault (RCV) for Amazon Web Services, Inc. (AWS): RCV reduces the complexity and cost of managing a highly secure off-site archival location, with flexible policies and/or regions. RCV features immutable, isolated, logically air-gapped off-site backups combined with role-based access controls, advanced encryption, and retention locks to provide unparalleled confidence in data recovery. 

Security and Resilience for Microsoft Dynamics 365: Rubrik’s enhanced protection for Microsoft Dynamics 365 aims to ensure businesses can secure their critical operational and customer data within a unified platform. 

Sandbox Seeding for Salesforce: An intuitive user experience designed to let users select objects and records according to specific criteria. The process aims to prevent seeding errors by analyzing the size of the selected data against the available space in the destination before moving data to the sandbox environment. The goal of this solution, planned for 2025, is to save queries for repeated future use, further expediting the sandbox seeding process. 

With the introduction of Identity Recovery, Rubrik delivers the industry’s most comprehensive, automated, and secure solution for protecting hybrid identity environments across Entra ID and Active Directory (AD). Identity Recovery includes orchestrated Active Directory Forest Recovery to rapidly and cleanly restore entire identity environments – eliminating manual complexity and reducing downtime. 

Advanced Security Features for Azure & Amazon Web Services, Inc. (AWS): Leveraging advanced machine learning and automation, new capabilities available today include Anomaly Detection, Data Discovery and Classification, and soon, Threat Hunting and Threat Monitoring. These capabilities are designed to work together to proactively detect and mitigate cyber threats, accelerate recovery, and ensure sensitive data remains protected and compliant.

Orchestrated Recovery for Azure VM: Rubrik is planning to extend its Orchestrated Recovery capabilities to the cloud beginning with Azure VM. By enabling customers to automate recovery sequences, schedule regular test recoveries, and generate comprehensive recovery reports, the solution is designed to reduce complexity and minimize the potential for human error.

Turbo Threat Hunting: Unlike traditional methods that scan one object at a time or require navigating multiple panes of glass, Turbo Threat Hunting scans at scale by leveraging pre-computed hashes stored within Rubrik’s metadata. This eliminates the need for file-by-file scanning, allowing organizations to rapidly pinpoint the exact recovery points free from malware or other threats within seconds — even in the most complex data environments. Internal testing found Turbo Threat Hunting scans 75,000 backups in less than 60 seconds.
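To make the hash-based approach described above concrete, here is an added Python sketch (illustrative code, not Rubrik’s) of hunting for indicators across many backup snapshots by matching IoC hashes against a per-snapshot hash index computed once at backup time. The snapshots, file contents and IoC hash are all constructed for the example.

```python
import hashlib
from typing import Dict, List, Optional, Set

# Constructed sample: three backup snapshots of one host, as path -> content.
# Hypothetical data for illustration; the "malicious" file is a harmless marker string.
SNAPSHOTS: Dict[str, Dict[str, bytes]] = {
    "snap-01": {"/etc/hosts": b"127.0.0.1 localhost\n",
                "/app/run.sh": b"#!/bin/sh\necho ok\n"},
    "snap-02": {"/etc/hosts": b"127.0.0.1 localhost\n",
                "/app/run.sh": b"#!/bin/sh\necho ok\n",
                "/tmp/dropper.bin": b"CONSTRUCTED-MALICIOUS-SAMPLE"},
    "snap-03": {"/etc/hosts": b"127.0.0.1 localhost\n",
                "/app/run.sh": b"#!/bin/sh\necho ok\n",
                "/tmp/dropper.bin": b"CONSTRUCTED-MALICIOUS-SAMPLE",
                "/app/run.sh.bak": b"#!/bin/sh\necho ok\n"},
}
SNAPSHOT_ORDER: List[str] = ["snap-01", "snap-02", "snap-03"]  # oldest to newest


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_hash_index(snapshots: Dict[str, Dict[str, bytes]]) -> Dict[str, Set[str]]:
    """Run once, at backup time: record the hash of every file in each snapshot.
    This stands in for the pre-computed hashes kept in backup metadata."""
    return {sid: {sha256_hex(content) for content in files.values()}
            for sid, files in snapshots.items()}


def hunt(index: Dict[str, Set[str]], ioc_hashes: Set[str]) -> Dict[str, Set[str]]:
    """Hunt across all snapshots at once by set intersection on the stored hashes.
    No file content is re-read, which is what makes the scan fast at scale."""
    return {sid: hashes & ioc_hashes for sid, hashes in index.items()}


def latest_clean_snapshot(index: Dict[str, Set[str]], ioc_hashes: Set[str],
                          order: List[str]) -> Optional[str]:
    """Newest recovery point that contains none of the IoC hashes, or None if all are hit."""
    hits = hunt(index, ioc_hashes)
    for sid in reversed(order):
        if not hits[sid]:
            return sid
    return None


if __name__ == "__main__":
    index = build_hash_index(SNAPSHOTS)
    iocs = {sha256_hex(b"CONSTRUCTED-MALICIOUS-SAMPLE")}  # constructed IoC hash
    print(latest_clean_snapshot(index, iocs, SNAPSHOT_ORDER))  # snap-01
```

The index is built once per backup, so a hunt over a new IoC list costs only set lookups per snapshot rather than a re-read of every file.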

Enterprise Edition for Microsoft 365: Delivering enterprise-grade security and resilience for Microsoft 365, Rubrik expands its capabilities for organizations to rapidly detect, respond to, and recover from attacks. New capabilities available for Microsoft 365 include Sensitive Data Discovery, which identifies and protects high-risk data before an attack happens, and Prioritized Recovery, which restores critical data first for fast operational recovery. Coming soon, Rubrik’s customers using Enterprise Edition for Microsoft 365 will also be able to add Anomaly Detection, Threat Monitoring, Threat Hunting, and Self-Service Recovery capabilities.

Secure Device Authentication for Manufacturers

Om Malik recently posted a rant about how unfriendly consumer IoT is to its customers. The goal of almost all suppliers centers on sucking up as much consumer behavior as possible while preventing competitors from interoperating. I may have more on that later.

The rant came my way the day before this news item relating to security of connected devices in manufacturing. Reading Malik’s column, I wondered about the entire manufacturing IoT ecosystem: interoperability, ease of use, ease of adding new devices, and, of course, security. In our case it’s not only suppliers sucking data from our systems, it’s also industrial espionage and attacks from outside.

This news discusses how three companies came together recently to devise a solution.

CyberArk and Device Authority, in collaboration with Microsoft, have launched a solution that strengthens and scales connected device authentication to enterprise applications with Zero Trust principles. It helps manufacturers reduce cyber risk from connected devices in factory floors and edge environments with robust identity security, automated access management and device lifecycle protection. 

The manufacturing industry is rapidly going digital, driven by the convergence of the Internet of Things (IoT) and Operational Technology (OT), with countless devices connected to optimize operations. Each connected device potentially introduces new cybersecurity vulnerabilities. The NIST reference architecture for IoT, introduced in May 2024, provides a structured approach to secure onboarding, continuous device management and threat monitoring across the device lifecycle. The collaboration between Microsoft, CyberArk and Device Authority helps organizations translate this framework into practical, scalable solutions.

Each partner brings essential capabilities to this end-to-end solution architecture for NIST compliance.  

  • Through Microsoft Azure IoT and Defender for IoT, Microsoft enables secure, scalable device management and real-time monitoring. The cloud-edge integration ensures consistent device security, even in remote, air-gapped environments.
  • CyberArk’s modern privileged access management capabilities restrict unauthorized human access to critical devices and systems, enforcing user and device security policies without the need for time-consuming, error-prone manual intervention.
  • Device Authority automates secure device onboarding, identity credentialing and encryption, minimizing human error, accelerating incident response and maintaining data integrity throughout the connected ecosystem.

Further reading

Learn about the importance of protecting your IoT and OT devices from cyber threats.

Learn more about the joint solution with CyberArk, Device Authority, and Microsoft.

Smart Remote Terminal Unit Enhances Security of Operational Technology

Schneider Electric news from the recent Orlando conference.

Schneider Electric announced new operational technology (OT) cybersecurity functionality for the SCADAPack 470i and 474i. Critical infrastructure customers can now securely manage RTU access in harsh environments as easily as they manage their employees’ email access.

Cyber threats to water systems and oil and gas pipelines continue to grow, so controlling access to RTUs in remote and harsh environments is vital to OT security. Yet managing this access can be dangerous and time intensive. The SCADAPack 470i and 474i provide one smart device for all remote control and computing operations. This way, customers can securely manage RTU access using standard IT tools, such as Active Directory, for OT security, including water and pipeline security.

The combination of a rugged RTU platform with the flexibility of Linux means a single SCADAPack 470i or 474i can host edge services, protocols, and applications, providing efficient OT security for all remote control and computing operations.

SCADAPack 470i and 474i’s role-based access control (RBAC) features also aid in edge cyber regulation compliance. The SCADAPack 47xi integrates with standard IT and OT security tools with support for IP firewall, NAT, DNP3 secure authentication, and more.

Cyber Defense Company Acquisition

OPSWAT Acquires Leader in Advanced Data Diode Technology to Strengthen Cyber Defenses for Critical Infrastructure 

Cybersecurity was a top topic for the past couple of years. I anticipate it being a top topic for the foreseeable future. One sub-trend has been market consolidation through acquisition. This news concerns OPSWAT acquiring Fend Inc. to broaden their offering in the Data Diode technology space.

OPSWAT announced its acquisition of Fend Incorporated. Fend is a pioneering data pipeline and cybersecurity company dedicated to securing operational technology (OT) against cyber threats, ransomware, and other evolving risks. Based in Arlington, Virginia, Fend is known for its expertise in protecting U.S. government agencies, utilities, oil and gas, manufacturing, and other critical industries where air-gapped environments are essential for defense against cyber incidents. The announcement positions OPSWAT as providing the most comprehensive range of Data Diodes and Unidirectional Gateways in the industry, using proprietary technologies such as Multiscanning with up to 30 anti-virus engines, Deep CDR for zero-day threats, Sandboxing, and Proactive DLP to prevent sensitive data leakage.

Fend’s data diode technology creates a secure one-way communication channel, allowing data to flow from one network to another while physically blocking reverse transmission. This hardware-based approach is valued in high-security environments like defense, industrial control systems, and critical infrastructure, where preventing external access is paramount. Originally reserved for sensitive applications such as nuclear power plants, data diode technology has evolved to become more accessible and affordable, making it a practical solution for industries that require secure online monitoring and predictive analytics. With benefits such as increased operational efficiency, reduced unexpected downtime, and improved staff productivity, Fend’s data diodes offer protection across diverse industrial sectors. 

Previous acquisition:

OPSWAT’s industrial OT offerings significantly expanded with its 2021 acquisition of Bayshore Networks. The acquisition of Fend further enhances OPSWAT’s capabilities in both centralized and distributed deployments, providing true cross-domain security with connectivity to OPSWAT’s MetaDefender Kiosk and MetaDefender Managed File Transfer to help secure remote assets and smaller facilities, such as water utilities, which have large numbers of endpoints at the edge that still require high security. Fend’s comprehensive connectivity options, accommodating Ethernet, cellular, and even serial connections for older networks, will enable OPSWAT to meet both the demands of emerging technologies such as 5G and Industry 4.0 and the vast landscape of legacy infrastructure around the world. To see the full range of OPSWAT’s data diodes and unidirectional gateways, you can view the product comparison chart here.

Dragos Releases 3rd Quarter 2024 Industrial Ransomware Report

Two topics dominated my inbox this year. AI, of course, was one. Everything cybersecurity was the other. Mostly the various cybersecurity suppliers released a variety of reports and surveys. This report comes from Dragos: the OT Cyber Threat Intelligence Report. I’ll be highlighting a few important notes from the blog post by Abdulrahman H. Alamri.

The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly demonstrated their ability to pivot in response to disruptions during the third quarter, leveraging technological advancements and strategic realignments to maintain their operations.  

This period witnessed a critical shift as dominant groups like LockBit faced significant setbacks due to coordinated international law enforcement actions, including Operation Cronos, which dismantled key infrastructure elements of LockBit. This led to a decline in their activities and forced affiliates such as Velvet Tempest to transition to other groups, including RansomHub.  

Concurrently, the ransomware-as-a-service (RaaS) model continued to mature, with an expanded reliance on Initial Access Brokers (IABs) that exploit vulnerabilities, misconfigurations, and stolen credentials to gain entry into targeted environments. These brokers acted as force multipliers, enabling ransomware groups to scale their operations by focusing on payload deployment and extortion strategies. In general, this industrialization of ransomware has continuously lowered the barriers to entry for new actors, fostering a competitive and dynamic threat environment, and the third quarter of 2024 was no different.

Adding to this complexity, escalations in geopolitical tensions during the third quarter introduced a new dimension to ransomware threats. Specifically, conflicts in the Middle East and Eastern Europe spurred a rise in hacktivist personas employing ransomware to disrupt industrial operations. Unlike traditional financially motivated ransomware campaigns, these actors appear to prioritize operational sabotage, posing a distinct and potentially catastrophic risk to critical infrastructure.  

There is a significant amount of information on the post. If this is your area of concern, you can check it out here.
