Infographic: Evolution of Hacktivism

The Black Lives Matter movement has increased activity from the hacktivist group, Anonymous, and hacktivism overall. Take a look at the evolution of hacktivism below.

According to a video that Anonymous posted on Twitter, the group launched cyberattacks on the Minneapolis Police Department and the Minnesota State Senate’s servers.

What is Hacktivism?

Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists, according to TechTarget.

Hacktivism is typically non-violent, and its tactics typically aim to achieve political, social, or religious justice. The tactics hacktivists typically use include:

  • DDoS – Distributed Denial-of-Service, a tactic used to overload systems and crash a website.
  • Doxxing – a tactic used to leak personal, confidential, or incriminating information about organizations or public figures.
  • Defacement – a tactic used to compromise the integrity of a website by changing its visual appearance.

Ethical Hackers

It may seem strange, but businesses are using ethical hackers to identify weak points in their cyber defenses, provide valuable insights into the actions of their less ethical counterparts and create better, stronger, and more resilient networks.

If you do not think that a hacker could help your business instead of hurting it, you may want to rethink those assumptions. Here are five business benefits ethical hackers can bring to your organization.

Types of Hacktivism

Hacktivists are typically out for justice and not monetary gain like typical hackers. Instead, Panda Security says, their distinct agenda wages an informational war for political lean, social justice, religious intent, or anarchy.

  • Political: Hacktivism as a form of political mobilization aims to lean or sway the population to the hacker’s agenda.
  • Social: Social justice in hacktivism aims to bring about societal change.
  • Religious: Hacktivism for a religious agenda aims to recruit or disavow a religious entity.
  • Anarchist: Hackers can have an anarchist agenda to access or control civil infrastructure, military equipment, or the general population.

Evolution of Hacktivism

Cybriant Announces CMMC Service for DoD Contractors

Cybriant announces a new service for Department of Defense contractors in regards to the upcoming Cybersecurity Maturity Model Certification (CMMC).

Cybriant, a leader in cybersecurity services, today announced a new service to prepare Department of Defense contractors for the upcoming Cybersecurity Maturity Model Certification (CMMC).

Beginning in the fall of 2020, CMMC compliance will be a prerequisite for all new Department of Defense contracts, for both prime contractors and subcontractors. Any contractor storing or transmitting controlled unclassified information (CUI) will need to achieve Level 3 compliance.

The Department of Defense has defined 5 levels of CMMC compliance, each with a set of supporting practices and processes. To meet a specific level, each contractor must meet the practices and processes within that level and below. The Department of Defense has released the following descriptions of each level of CMMC:

Level 1: Basic Cybersecurity
Level 2: Inclusive of universally accepted cybersecurity best practices
Level 3: Coverage of all NIST 800-171 rev 1 controls
Level 4: Advanced and sophisticated cybersecurity practices
Level 5: Highly advanced cybersecurity practices

Cybriant is aligned with the new CMMC guidelines and is knowledgeable of all the latest updates concerning CMMC. Our services are mapped to fully account for CMMC requirements levels 1 through 5 and can assist with CMMC certification efforts.

With the coming mandate of CMMC, many companies may be struggling to address the various requirements within the model. Many things have changed between the current standard NIST SP 800-171r1 and CMMC which will require a great deal of work for current contractors.

Cybriant can enable contractors to bridge the gap of missing security controls to help them quickly and efficiently become compliant. Contractors can rely on Cybriant’s strategic and managed services to ensure their security and satisfy CMMC compliance requirements.

While the CMMC Accreditation Board-Certified Auditors program is pre-launch, Cybriant has taken the necessary steps to become a Third-Party Assessment Organization (C3PAO) when the program becomes functional, in order to assist contractors’ preparation for the upcoming audits.

“CMMC is still in flux and there is a great deal of misinformation,” said Jason Hill, Director of Strategic Services. “Cybriant can provide guidance and operational resources to demystify the preparation process and ultimately achieve CMMC certification.”

For more information on the services provided by Cybriant, please go to

About Cybriant

Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, operation, and monitoring of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and managed cybersecurity services. These services include Risk Assessments, vCISO, 24/7 Managed SIEM with LIVE Monitoring and Analysis, 24/7 MDR, 24/7 Vulnerability Scanning with Patch Management. We make enterprise-grade cyber security strategies and tactics accessible to businesses of all sizes. Find out more at

Could an Endpoint Security Service Be Your Secret Cybersecurity Weapon?

Should you use an endpoint security service? The quick answer is yes, especially if your workers are accessing any corporate data on potentially unsecured endpoints. Read more about how this simple service could be your secret cybersecurity weapon. 

I was recently reading over the Forbes article, “Why Securing Endpoints Is The Future Of Cybersecurity” with some very interesting insights from Verizon’s 2020 Data Breach Investigations Report (DBIR). According to the article: 

Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today.


After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerate, and patch cybersecurity software while providing control and visibility are the cornerstone of cybersecurity’s future.


For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.


The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device.

What is an Endpoint Security Service? 

When you outsource your endpoint security service, you have a team of security analysts that monitors your endpoints 24/7 and filters out false positives. You’ll receive alerts when relevant threats are detected, along with advice and insight from our cybersecurity team to help you mitigate and respond to the threat.

MDR or Managed Detection and Remediation is what we have named our endpoint security service. As an extension of your team, our experts will investigate, triage, and remediate security events and provide executive-level reporting. Remediation may reveal dormant or trojan threat actors that evade network and endpoint detection solutions. Our MDR solution includes leveraging the talents of our experienced team as well as next-generation antivirus and EDR tools that utilize AI.

The MDR service from Cybriant will allow you to protect your organization’s data and reduce your threat landscape against the most advanced threats. 

What is an endpoint? 

To put it simply, an endpoint is any device that communicates with the network to which it is connected. Here are some examples of endpoints:

  • Laptops
  • Desktops
  • Mobile Phones
  • Tablets
  • Servers
  • Virtual Environments

What is the goal of endpoint security? 

According to Gartner, “Organizations investing in endpoint security tools are purposefully moving from an ‘incident response’ mentality to one of ‘continuous monitoring’ in search of incidents that they know are constantly occurring.”

Why do we need endpoint security?

Cybercriminals are leveraging advanced attack toolsets and techniques that can bypass most perimeter security solutions. The tools and techniques that cybercriminals use have outpaced the capabilities of many traditional endpoint security solutions as well. MDR is a cybersecurity technology that addresses the need for continuous monitoring and response to advanced threats.

What is the difference between endpoint security and antivirus?

Endpoint security differs from antivirus in that antivirus covers one single endpoint. Endpoint security covers your entire network and protects against security attacks.

Why outsource the monitoring of endpoint security? 

While endpoint security is a powerful tool that addresses the need for continuous monitoring and response to advanced threats, this tool is often difficult to deploy, manage, and monitor particularly at scale in large to mid-sized organizations.

With Managed Detection and Remediation (MDR), you have a team of endpoint security experts who not only utilize next-generation tools on your behalf but also feed back information to your organization on how to respond to alerts. Cybriant’s security team brings together endpoint analysts, incident responders, forensics experts, and security engineers. They understand what normal endpoint activity should look like, when a more thorough investigation is required, when to raise the alarm, and how to respond.

Top Ransomware Threats of 2020

Ransomware (or cyber extortion) is on the rise. In 2020, there has been a spike in the number of reported incidents as well as in the amount that cyber hackers are attempting to extort from organizations. It’s important that your organization does everything it can to fight these cybercriminals, and education is a key piece. Take a look at the top ransomware threats we’ve seen in 2020.

2020 has been a roller coaster ride so far, and with all the news coverage of all the events that have impacted us (so far) ransomware has been sneaking into our world at a remarkable rate. Some sources say that ransomware spiked 25% in Q1 2020 over the previous quarter. (source)

Here Are The Top Ransomware Threats in 2020:

  1. Maze
  2. REvil
  3. SNAKE (EKANS)
  4. Tycoon
  5. TrickBot
  6. Qakbot trojan
  7. PonyFinal
  8. Mailto (aka Netwalker Ransomware)
  9. Ragnar Locker
  10. Zeppelin
  11. TFlower
  12. MegaCortex
  13. ProLock
  14. DoppelPaymer
  15. Thanos

Maze Ransomware

According to an FBI advisory to the private sector, “Unknown cyber actors have targeted multiple US and international businesses with Maze ransomware since early 2019. Maze encrypts files on an infected computer’s file system and associated network file shares. Once the victim has been compromised, but prior to the encryption event, the actors exfiltrate data.”

“After the encryption event, the actors demand a victim specific ransom amount paid in Bitcoin (BTC) in order to obtain the decryption key. An international Maze campaign targeted the healthcare sector, while its deployment in the US has been more varied.”

“The FBI first observed Maze ransomware activity against US victims in November 2019. From its initial observation, Maze used multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors. Maze was initially distributed via the Spelevo Exploit Kit which targets known vulnerabilities in Internet Explorer and Adobe Flash such as CVE-2018-8174, CVE-2018-15982, and CVE-2018-4878.”

REvil Ransomware

You may have heard of REvil Ransomware because of a recent breach of media and entertainment law firm Grubman Shire Meiselas & Sacks. The firm recently confirmed reports that it had fallen victim to a ransomware attack.

Several A-list celebrities that are clients of the law firm have potentially had data leaked on the dark web. Madonna’s tour contract was allegedly leaked. 

A screenshot of a legal document from Madonna’s recent Madame X tour surfaced on the dark web, apparently bearing signatures from an employee and tour company Live Nation.

Another screenshot depicts dozens of computer files bearing the names of celebrities including Bruce Springsteen, Bette Midler, and Barbra Streisand.

Stars such as Robert De Niro, Madonna, Drake, Nicki Minaj, Mariah Carey, Elton John, U2 and Rod Stewart are among those whose personal information may have been compromised.

The attackers have doubled the ransom request to $42 million and threatened to release damaging information on President Trump.

SNAKE (EKANS) Ransomware

Ekans Ransomware is a malware variant that infects industrial control systems to disrupt factory operations until a ransom is paid. Security analysts say that Ekans is a spin-off of Snake Ransomware and has so far infected factories related to the automobile and electronics sector, most notably Honda.

Reports indicate that hackers targeted Honda’s servers with a file-encrypting malware variant dubbed Ekans, forcing the company to send production workers home as the installed automated devices became non-operational.

Although Honda never admitted that its servers were disrupted due to a cyberattack, it did agree that its IT infrastructure was down due to unspecified reasons.

“On Sunday, June 7th, 2020, Honda experienced a disruption in a computer network which affected the operations across Europe and Japan. And we are currently investigating and assessing the situation” said a spokesperson in a statement released on June 8th, 2020.

Tycoon Ransomware

A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain.

The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at BlackBerry Cylance, and has been around since December. Its victims so far have largely consisted of small- and medium-sized organizations in the education and software industries, researchers said, which it targets with customized lures.

“Tycoon has been in the wild for at least six months, but there seems to be a limited number of victims,” the researchers noted, in a posting on Thursday. “This suggests the malware may be highly targeted. It may also be a part of a wider campaign using several different ransomware solutions, depending on what is perceived as more successful in specific environments.”

TrickBot Ransomware

A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.

Having started as a banking Trojan, TrickBot has evolved to perform a variety of malicious behaviors.

This behavior includes spreading laterally through a network, stealing saved credentials in browsers, stealing Active Directory Services databases, stealing cookies and OpenSSH keys, stealing RDP, VNC, and PuTTY credentials, and more. TrickBot also partners with ransomware operators, such as Ryuk, giving them access to a compromised network to deploy ransomware.

Qakbot Trojan

Qakbot is a banking trojan that has been active for over a decade and relies on the use of keyloggers, authentication cookie grabbers, brute force attacks, and Windows account credential theft, among other techniques.

One of the authors of the research regarding the Qakbot trojan explained the following reasons why cybercriminals are relying on trojans such as Qakbot to launch ransomware attacks:

“The ultimate reason is to maximize their profits. Within the past 18 months, Kroll has observed multiple cases where a trojan infection is the first step of a multi-phased attack—hackers infect a system, find a way to escalate privileges, conduct reconnaissance, steal credentials (and sometimes sensitive data), and then launch a ransomware attack from an access level where it can do the most damage. They can make money on the ransom payment and potentially on the sale of stolen data and credentials—plus the stolen data helps force infected companies to pay the ransom.”

PonyFinal Ransomware

Microsoft has warned organizations globally about a new type of data-stealing Java-based ransomware dubbed “PonyFinal”. The tech giant described the malware as human-operated ransomware, which is distributed in an automated way by attackers.

“PonyFinal is a Java-based ransomware that is deployed in human-operated ransomware attacks. While Java-based ransomware is not unheard of, they are not as common as other threat file types. However, organizations should focus less on this payload and more on how it’s delivered,” Microsoft said in a post.

Mailto (aka Netwalker Ransomware)

NetWalker appeared on the scene in mid-2019. Similar to other well-supported ransomware families, the operators target high-value, global entities. The group’s targets range across multiple industries and span the education, medical, and government sectors.

As we have seen with Maze, Ragnar, REvil and others, NetWalker harvests data from its targets, and the operators use that data as leverage by threatening to post or release it if the target does not comply with their demands. To date, stolen data belonging to twelve different NetWalker victims has been publicly posted. The attackers behind NetWalker campaigns are known to use common utilities, post-exploit toolkits, and Living-off-the-Land (LOTL) tactics to explore a compromised environment and siphon off as much data as possible. These tools can include mimikatz (and variations thereof), various PSTools, AnyDesk, TeamViewer, NLBrute and more.

Over the last few months, we have seen NetWalker transition to a RaaS (Ransomware as a Service) delivery model, which will potentially open up the platform to an increased number of enterprising criminals. More recently, we have observed NetWalker spam campaigns using COVID-19-related lures to entice victims into initiating infection.

Ragnar Locker Ransomware

A ransomware called Ragnar Locker is specifically targeting software commonly used by managed service providers to prevent their attack from being detected and stopped.

Attackers first began using the Ragnar Locker ransomware towards the end of December 2019 as part of attacks against compromised networks.

According to the attackers, one of these pre-deployment tasks is to first steal a victim’s files and upload them to their servers. They then tell the victim that they will release the files publicly if a ransom is not paid.

“Also, all of your sensitive and private information were gathered and if you decide NOT to pay, we will upload it for public view !,” the attackers state in the Ragnar Locker ransom note.

When ready, the attackers build a highly targeted ransomware executable that contains a specific extension to use for encrypted files, an embedded RSA-2048 key, and a custom ransom note that includes the victim’s company name and ransom amount.

Ragnar Locker is specifically targeting remote management software (RMM) commonly used by managed service providers (MSPs), such as the popular ConnectWise and Kaseya software.

Zeppelin Ransomware

Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware.

The recent campaign that utilizes the newest variant, Zeppelin, is visibly distinct. The first samples of Zeppelin – with compilation timestamps no earlier than November 6, 2019 – were discovered targeting a handful of carefully chosen tech and healthcare companies in Europe and the U.S. In stark opposition to the Vega campaign, all Zeppelin binaries (as well as some newer Buran samples) are designed to quit if running on machines that are based in Russia and some other ex-USSR countries.

Zeppelin appears to be highly configurable and can be deployed as an EXE, DLL, or wrapped in a PowerShell loader. The samples are hosted on water-holed websites and, in the case of PowerShell, on Pastebin. There are reasons to believe at least some of the attacks were conducted through MSSPs, which would bear similarities to another recent highly targeted campaign that used a ransomware called Sodinokibi.

TFlower Ransomware

The strain dubbed TFlower splashed onto the scene in late July 2019. It infects organizations through unprotected or poorly secured RDP ports. As soon as the furtive infiltration takes place, the ransomware runs a number of commands to disable Volume Shadow Copy Service (VSS) and thereby thwart easy data recovery. When traversing the plagued computers for valuable data to be encrypted, it ignores critical system files and objects stored in the Sample Music folder.

This pest does not modify the names of hostage files. However, when analyzed using a hex editor, every encrypted item turns out to have a “tflower” file marker at the beginning of its deep-level data representation. The ransomware also sprinkles a bevy of rescue notes named “!_Notice_!.txt” across all affected folders. Although TFlower ransomware doesn’t appear to be a particularly sophisticated sample, it encrypts files flawlessly and thus poses a serious risk to companies.
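A triage sketch built on the two indicators described above, the “tflower” marker at the start of each encrypted file and the “!_Notice_!.txt” note; it is an added example, not code from the original article or from any vendor tool. It assumes the marker is the ASCII bytes `tflower` at offset 0, and `scan`, `ScanReport` and the sample tree are hypothetical names and constructed data.

```python
import os
import tempfile
from dataclasses import dataclass, field

MARKER = b"tflower"            # assumption: ASCII marker at offset 0 of each encrypted file
NOTE_NAME = "!_Notice_!.txt"   # ransom note file name given in the article


@dataclass
class ScanReport:
    marked_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    unreadable: list = field(default_factory=list)

    def affected_dirs(self):
        """Directories holding a marked file or a note, to scope restore work."""
        hits = self.marked_files + self.ransom_notes
        return sorted({os.path.dirname(p) for p in hits})


def starts_with_marker(path):
    """True if the first bytes equal MARKER. Empty or short files are False."""
    with open(path, "rb") as fh:
        return fh.read(len(MARKER)) == MARKER


def scan(root):
    """Walk root and classify files by content, because file names are unchanged."""
    report = ScanReport()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, device nodes
            if name == NOTE_NAME:
                report.ransom_notes.append(path)
                continue
            try:
                if starts_with_marker(path):
                    report.marked_files.append(path)
            except OSError:
                # Locked or permission-denied files are reported, not silently skipped
                report.unreadable.append(path)
    report.marked_files.sort()
    report.ransom_notes.sort()
    report.unreadable.sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: one marked file, one note, several clean files."""
    samples = {
        "finance/q1.xlsx": MARKER + b"\x00" * 32,       # looks encrypted
        "finance/q2.xlsx": b"PK\x03\x04 ordinary file",  # untouched
        "finance/" + NOTE_NAME: b"constructed note text",
        "hr/short.txt": b"tfl",                          # shorter than the marker
        "hr/empty.bin": b"",
        "hr/report.txt": b"notes about tflower",         # marker not at offset 0
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        print("marked files :", result.marked_files)
        print("ransom notes :", result.ransom_notes)
        print("affected dirs:", result.affected_dirs())
```

Run it read-only against a mounted image or a backup copy so the scan itself does not change timestamps on evidence.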

MegaCortex Ransomware

MegaCortex made its debut in May 2019. It mainly targets businesses located in the US, Canada, the Netherlands, and France. According to security experts’ findings, MegaCortex affects enterprise networks previously compromised by notorious info-stealing Trojans called Qakbot and Emotet. This fact suggests that the distribution of this ransomware might rely on backdoors created by other malware in a business ecosystem.

The convoluted infection methodology MegaCortex employs leverages both automated and manual components and appears to involve a high amount of automation to infect a greater number of victims. In attacks we’ve investigated, the attackers used a common red-team attack tool script to invoke a meterpreter reverse shell in the victim’s environment. From the reverse shell, the infection chain uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads (that had been embedded in the initially dropped malware) on specified machines.

The attack was triggered, in at least one victim’s environment, from a domain controller inside an enterprise network whose administrative credentials the attacker seems to have obtained, in what appears to be a hands-on break-in.

The malware’s name is a misspelled homage to the faceless, bureaucratic corporation where the character Neo worked in the first Matrix movie. The ransom note reads like it was written in the voice and cadence of Laurence Fishburne’s character, Morpheus.

ProLock Ransomware

According to KrebsOnSecurity, Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations.

An investigation determined that the intruders installed the ProLock ransomware, which experts say is a relatively uncommon ransomware strain that has gone through multiple names and iterations over the past few months.

For example, until recently ProLock was better known as “PwndLocker,” which is the name of the ransomware that infected servers at Lasalle County, Ill. in March. But the miscreants behind PwndLocker rebranded their malware after security experts at Emsisoft released a tool that let PwndLocker victims decrypt their files without paying the ransom.

Diebold claims it did not pay the ransom demanded by the attackers, although the company wouldn’t discuss the amount requested. But Lawrence Abrams of BleepingComputer said the ransom demanded for ProLock victims typically ranges in the six figures, from $175,000 to more than $660,000 depending on the size of the victim network.

DoppelPaymer Ransomware

The DoppelPaymer Ransomware is the latest family threatening to sell or publish a victim’s stolen files if they do not pay a ransom demand.

A new tactic being used by ransomware operators that perform network-wide encryption is to steal a victim’s files before encrypting any devices. They then threaten to publish or sell this data if the victim does not pay the ransom.

This new tactic started in November 2019 when Maze Ransomware publicly released stolen files belonging to Allied Universal for not paying a ransom.

The most recent victim of the DoppelPaymer Ransomware Gang is the City of Florence, AL. 

Thanos Ransomware

Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.

Researchers have uncovered a new ransomware-as-a-service (RaaS) tool, called Thanos, which they say is increasing in popularity in multiple underground forums.

Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique unveiled in a proof of concept (PoC) last year by researchers at Nyotron, which can be used to maliciously alter files and which allows attackers to bypass various anti-ransomware methods.

Beyond its utilization of RIPlace, Thanos does not incorporate any novel functionality, and it is simple in its overall structure and functionality. But this ease of use may be why Thanos has surged in popularity amongst cybercriminals, the researchers shared with Threatpost.

Traditional SIEM vs. Next-Generation SIEM

We often think of the SIEM as the “brain” of the IT network environment, but with the news around “next-generation” SIEM, how can a next-gen SIEM improve the benefits and results of your IT security strategy?

How do you define the traditional SIEM solution?

What is a SIEM?

Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.

A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.

Traditional SIEM Solutions

Traditional SIEM solutions focus on collecting and indexing log outputs from applications and devices. These are used to search for and find particular log details, such as: for this device, search and display all logs for this particular day. Such a search often generates 10s to 100s of pages of information, or more (1000 pages) if there is something amiss with the device. SIEMs therefore allow additional filter parameters to help refine searches, such as this device at this precise time, or these types of log event outputs. Getting the filters correct typically requires high levels of expertise from the end user.

SIEMs can correlate the logs from many sources when searching on a device, say by IP address. This is great for forensic deep dives, for instance for auditing and compliance event reporting.

Some SIEMs will also take in network data, but they tend to have difficulty using such information effectively: it can generate a tidal wave of flow data for a device, adding 1000s more line items on top of the log data in a search. It is therefore seldom used. This is a problem, as the network provides the other half of the data needed to detect the most active threats.


By contrast, what is Next-Gen SIEM?

What features or capabilities do these solutions have in contrast to traditional SIEM?

Traditional SIEM solutions find information, and some provide analysis that adds context indicating what might be happening, such as “credential change logged for this user” or “this user logged in from multiple devices simultaneously”. However, they tend to provide such info along with every bit of collected data around that user or the device in question, so you may see hundreds to thousands of lines of info to sort through to figure out what exactly is happening.

In contrast, a Next-Gen SIEM ingests both log and flow data and uses threat models, rather than a human brain, to determine the threats.

These are complicated models that can detect and match threat behaviors to a particular type of threat, such as a DDoS attack vs. a brute force attack, malware infection, APTs, loss of credentials, or insider attack. A Next-Gen SIEM will leverage, but not rely on, the proper use of Machine Learning to pick out behaviors that are not normal for the device, application, or user, and correlate these events with other rule triggers that can be correlated into a threat model. Once a match is found, an alert is built that continues to aggregate individual threat behaviors under a Single Line Alert on the UI, versus the 100s to 1000s of lines generated by a SIEM before filtering. Better yet, this one line tells you the type of threat, the devices and/or user involved, and what to do about it.

The best Next-Gen SIEMs will be architected to detect threats within minutes of their becoming active, stopping brute force attacks, compromised credentials, and insider threats before critical data is accessed. SIEMs can’t promise this.
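The correlation idea described above, as an added example that is not part of the original article and not any vendor's engine: rule triggers from log and flow events are matched against threat models, and each host gets one alert that keeps aggregating behaviors. The thresholds, field names, model names and sample events are constructed assumptions, and fixed thresholds stand in for the behavioral detection the article attributes to machine learning.

```python
from collections import defaultdict, deque

FAIL_THRESHOLD = 5         # assumed: failures per (host, user, source) that count as a burst
WINDOW_SECONDS = 60        # assumed sliding window for the burst
EXFIL_BYTES = 50_000_000   # assumed size of an unusually large outbound flow

# Threat models, most specific first: name -> behaviors that must all be seen on a host.
THREAT_MODELS = [
    ("compromised credentials with data exfiltration",
     {"auth_failure_burst", "login_after_failures", "large_outbound_flow"}),
    ("compromised credentials", {"auth_failure_burst", "login_after_failures"}),
    ("brute force attack", {"auth_failure_burst"}),
]

# Constructed sample input: 11 raw events across two hosts.
SAMPLE_EVENTS = (
    [{"ts": t, "kind": "log", "event": "auth_failure", "host": "srv-01",
      "user": "alice", "src": "203.0.113.7"} for t in (0, 5, 10, 15, 20, 25)]
    + [
        {"ts": 40, "kind": "log", "event": "auth_success", "host": "srv-01",
         "user": "alice", "src": "203.0.113.7"},
        {"ts": 120, "kind": "flow", "host": "srv-01", "dst": "198.51.100.9",
         "bytes": 80_000_000},
        {"ts": 30, "kind": "log", "event": "auth_failure", "host": "ws-07",
         "user": "bob", "src": "10.0.0.5"},
        {"ts": 35, "kind": "log", "event": "auth_failure", "host": "ws-07",
         "user": "bob", "src": "10.0.0.5"},
        {"ts": 200, "kind": "flow", "host": "ws-07", "dst": "198.51.100.20",
         "bytes": 60_000_000},
    ]
)


def rule_trigger(ev, failures, bursts):
    """Return the behavior name this single event triggers, or None."""
    if ev["kind"] == "flow":
        return "large_outbound_flow" if ev["bytes"] >= EXFIL_BYTES else None
    key = (ev["host"], ev["user"], ev["src"])
    if ev["event"] == "auth_failure":
        recent = failures[key]
        recent.append(ev["ts"])
        while ev["ts"] - recent[0] > WINDOW_SECONDS:
            recent.popleft()          # drop failures that fell out of the window
        if len(recent) >= FAIL_THRESHOLD and key not in bursts:
            bursts.add(key)
            return "auth_failure_burst"
    elif ev["event"] == "auth_success" and key in bursts:
        return "login_after_failures"
    return None


def correlate(events):
    """Fold raw events into at most one alert per host, named by the best-matching model."""
    failures, bursts = defaultdict(deque), set()
    seen = defaultdict(set)        # host -> behaviors observed so far
    evidence = defaultdict(list)   # host -> [(ts, behavior)], kept even before any alert
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        behavior = rule_trigger(ev, failures, bursts)
        if behavior is None:
            continue
        host = ev["host"]
        seen[host].add(behavior)
        evidence[host].append((ev["ts"], behavior))
        model = next((n for n, needed in THREAT_MODELS if needed <= seen[host]), None)
        if model is None:
            continue               # a lone behavior (e.g. a big backup flow) raises nothing
        alert = alerts.setdefault(
            host, {"host": host, "users": set(), "sources": set(),
                   "evidence": evidence[host]})
        alert["threat"] = model    # the same alert is upgraded as behaviors accumulate
        if ev["kind"] == "log":
            alert["users"].add(ev["user"])
            alert["sources"].add(ev["src"])
    return [alerts[h] for h in sorted(alerts)]


def format_alert(a):
    """Render an alert as the single line an analyst would see."""
    return "host={} threat={!r} users={} sources={} behaviors={}".format(
        a["host"], a["threat"], ",".join(sorted(a["users"])),
        ",".join(sorted(a["sources"])), len(a["evidence"]))


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(format_alert(alert))
```

The large flow from `ws-07` is recorded as a behavior but produces no alert, because no threat model matches it on its own.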

Next-gen SIEM is really a different category. This is a brand new concept to the industry, and a lot of education will need to take place. That said, the benefits are so compelling that we expect a groundswell of adoption over the next 24 months.

Cybriant offers a next-gen SIEM solution that our clients utilize with our Managed SIEM with 24/7 Security Monitoring and Analysis service. This service has broad appeal to 90% of organizations that only have firewalls and some sort of simple endpoint solution, which is ineffective at quickly or accurately detecting most of the threats discussed above in today’s dynamic environments.

Announcing Strategic Partnership with CyGov

Cybriant has entered into a strategic partnership with CyGov. This partnership will help Cybriant enhance their cyber risk management and compliance services. 


(MENAFN – Online PR News) The CyGov platform will enhance Cybriant’s work to design, build, operate, and monitor cyber risk management programs.

Tel Aviv SaaS-based cyber risk platform provider CyGov announced today that it had agreed to a new partnership with Cybriant, which will see the CyGov platform utilized by Cybriant to complement its service offerings.

Cybriant has brought together a team of high-level technology and security service professionals, who design, build, operate, and monitor cyber risk management programs. They give mid-market to lower enterprise organizations the ability to deploy and afford the same cyber defense strategies and tactics as Fortune 100 companies. Cybriant was recently named as one of the Top 200 Managed Security Services Providers for the second year running.

As a partner, the CyGov platform will enhance this work. Utilizing the CyGov platform’s top-level integrated risk management capabilities, Cybriant’s offering will benefit from advantages including live threat intelligence and an automated dashboard providing a bird’s-eye view of an entire organization’s cyber risk posture. As a result, Cybriant will be better positioned to accurately and effectively analyze and assess cyber risks facing its clients.

The CyGov platform offers a variety of solutions which will enhance Cybriant’s cyber risk assessments and ongoing management services. They include CyGov’s third-party risk management solution, to better understand threats from third-party suppliers and partners, which too often go undetected. CyGov’s internal risk and compliance management solution will help alleviate the costly consequences of non-compliance or a breach/attack. Meanwhile, CyGov’s board risk reporting solution will help Cybriant present such risks to clients’ executive teams in the clearest possible way.

CyGov CEO, Yair Solow said ‘We are delighted to have reached an agreement to partner with a leading strategic cybersecurity advisory such as Cybriant. In today’s uncertain environment, businesses can ill afford to become costly victims of cyber attacks. With the unavoidable proliferation of remote working, these risks are perhaps greater than ever. That is why it is crucial that like-minded companies such as CyGov and Cybriant work together towards the shared goal of minimizing cyber risk. I am delighted that the CyGov platform continues to be such a valuable resource in this effort.’

Cybriant Director of Strategic Services, Jason Hill said “We are very excited about this new partnership and the value it will bring to Cybriant customers. Cybriant actively seeks to adopt the best technologies to platform our services. With the CyGov Cyber Risk Management solution, Cybriant will be able to provide our customers with greater visibility and actionable intelligence enhancing their effectiveness in managing cyber risk while reducing their complexity of managing compliance.”

About CyGov

CyGov delivers a SaaS-based cyber risk platform that empowers organizations to understand their cyber risks and how best to manage them. The CyGov solution simplifies the entire lifecycle of cyber risk management from assessment, analysis to remediation while providing an innovative visualization approach to overseeing security utilizing integrated threat intelligence. Learn more at

About Cybriant

Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, implementation, and operation of their cyber risk management programs. Cybriant delivers a comprehensive and customizable set of strategic and managed cybersecurity services that address the entire security landscape. These services include risk assessments and planning, 24/7 Managed SIEM with LIVE Security Monitoring, Managed EDR, Real-Time Vulnerability Scanning, and Patch Management. Cybriant makes enterprise-grade cybersecurity strategy and tactics accessible to the Mid-Market and beyond. Learn more at

