Steps forward

Guest essay: A roadmap for how — and why — all MSSPs should embrace live patching

By Jim Jackson

Patch management has always been time-consuming and arduous. But it gets done, at least to some degree, simply because patching is so crucial to a robust cybersecurity posture. Patch programs are rarely perfect though, and imperfect patching arguably enables successful cybersecurity breaches – it’s an ever-growing concern for countless IT teams.

Related: MSSPs shift to deeper help

Managed Security Service Providers (MSSPs) do their best to patch their clients’ systems while also juggling a long list of other tasks associated with developing, monitoring, and maintaining their clients’ overall security and compliance programs.

The resources an MSSP can dedicate to patching are, however, limited: MSSPs operate within a fixed client servicing budget, and no client will accept being billed whenever a vulnerability needs to be patched.

To patch or not to patch?

It poses a huge conundrum for MSSPs: patching everything everywhere sounds like a great idea because, after all, a single failure to patch can lead to a breach. Thorough patching means secure client systems. But patching that thoroughly isn’t economical. Some vulnerabilities are more critical – and some systems are more central to operations than others.

There is a balance to strike, but choosing where to prioritize is a tough call. Absent a game-changing technology, the best solution would be to simply throw more resources at the patching problem, but that would drive up costs for MSSPs, which could make them uncompetitive.

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

By Byron V. Acohido

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely.

Related: CMMC mandates best security practices

Demand for richer MSSP services was already growing at a rapid pace as digital transformation gained traction – and then spiked in the aftermath of Covid-19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

At RSA Conference 2023, which gets underway next week at San Francisco’s Moscone Center, I expect that there’ll be buzz aplenty about the much larger role MSSPs seem destined to play.

I had the chance to visit with Geoff Haydon, CEO of Ontinue, a Zurich-based supplier of a managed extended detection and response (MXDR) service. We discussed the drivers supporting the burgeoning MSSP market, as well as where innovation could take this trend.

Guest expert: Geoff Haydon, CEO, Ontinue

For its part, Ontinue is leveraging Microsoft collaboration and security tools and making dedicated cyber advisors available to partner with its clients. “Microsoft has emerged as the largest, most important cybersecurity company on the planet,” Haydon told me. “And they’re also developing business applications that are very conducive to delivering and enriching a cyber security program.”

I covered Microsoft as a USA TODAY technology reporter when Bill Gates suddenly ‘got’ cybersecurity, so this part of our discussion was especially fascinating. For a drill down, please give the accompanying podcast a listen. Meanwhile, I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

By Byron V. Acohido

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web.

Related: In pursuit of a security culture

It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

This boots-in-the-underground approach, of course, has its limitations.

At RSA Conference 2023, which gets underway on Monday, Apr. 24, at San Francisco’s Moscone Center, the latest innovations in gathering and leveraging intel — at a scale that can make a material difference — will be in the spotlight.

I had the chance to visit with Delilah Schwartz, security strategist at Cybersixgill, a Tel Aviv-based cybersecurity company that supplies this type of threat intelligence.

Guest expert: Delilah Schwartz, security strategist, Cybersixgill

We discussed how her company is leveraging essentially the same automated crawling tools and techniques used by the big search engines to gather and supply actionable threat intelligence to its customers.

“We gain fully automated access to these very difficult to navigate Dark Web platforms, extract that useful intel, analyze it using AI and ML, and then we translate that into concrete insights in our data lake,” Schwartz says.

For a drill down, please give the accompanying podcast a listen. Good intel can only help inform smarter, more effective network defenses – and ultimately reinforce resiliency.

I’ll keep watch and keep reporting.

RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures

By Byron V. Acohido

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks.

Related: Ukraine hit by amplified DDoS

This was the case during World War II at the Battle of Midway and at the Battle of the Bulge, and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use ingrained mechanisms to shroud communications.

That said, there are also many opportunities for companies to glean and leverage helpful intel from the Dark Web. As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced ways to gather and infuse cyber threat intelligence, or CTI, into fast-evolving network defenses are in the spotlight.

I had the chance to visit with Jason Passwaters, CEO of Intel 471, a US-based supplier of cyber threat intelligence solutions.

Guest expert: Jason Passwaters, CEO, Intel 471

We discussed how the cyber underground has shifted from being perceived as deep and dark to a well-organized world with defined business models, supply chains, and a relatively low barrier to entry.

“As the cyber underground becomes more sophisticated, the level of threat increases exponentially for legitimate businesses and nation-states,” Passwaters told me. “The underground is now the domain of organized cybercriminals with clear hierarchies and targeted revenue goals.”

Intel 471 directs comprehensive threat intelligence at identifying, prioritizing and preventing cyber attacks. For a full drill down, please give the accompanying podcast a listen. The value of good intel in warfare can’t be overstated. I’ll keep watch and keep reporting.

RSAC Fireside Chat: ‘Protective DNS’ directs smart audits, automated remediation to IP addresses

By Byron V. Acohido

Domain Name Service. DNS. It’s the phone directory of the Internet.

Related: DNS — the good, bad and ugly

Without DNS, the World Wide Web would never have advanced as far and wide as it has.

However, due to its intrinsic openness and anonymity, DNS has also become ingrained as the primary communications mechanism used by cyber criminals and cyber warfare combatants.

If that sounds like a potential choke point that could be leveraged against the bad actors – it is. And this is where a fledgling best practice — referred to as “protective DNS” – comes into play.

What has happened is this: leading security vendors have begun applying leading-edge data analytics and automated remediation routines to the task of flagging DNS traffic that’s clearly malicious.

Guest expert: David Ratner, CEO, HYAS

One sure sign that protective DNS has gained meaningful traction is that Uncle Sam has begun championing it. Last fall the U.S. Cybersecurity & Infrastructure Security Agency (CISA) began making a protective DNS resolver available to federal agencies.

With RSA Conference 2023 taking place at San Francisco’s Moscone Center next week, I had the chance to visit with David Ratner, CEO of Vancouver, Canada-based HYAS, a security company whose focus is on delivering protective DNS services. Ratner explains what protective DNS is all about, and why its widespread adoption will make the Internet much safer.

For a full drill down, give the accompanying podcast a listen. I’ll keep watch and keep reporting.

RSAC Fireside Chat: Extending ‘shift left’ to achieve SSCS — ‘software supply chain security’

By Byron V. Acohido

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS.

Related: How SBOMs instill accountability

Interestingly, you could make the argument that SSCS runs counter-intuitive to the much-discussed “shift left” movement. I think it’s fair to say, at the very least, SSCS extends shift left a bit more to the right.

Shift left advocates driving code testing and application performance evaluations as early as possible in the software development process.

By contrast, SSCS vendors are innovating ways to direct automated inspections much later in DevOps, as late as possible before the new software application is deployed in live service.

Guest expert: Matt Rose, Field CISO, ReversingLabs

I had the chance to visit with Matt Rose, Field CISO at ReversingLabs, which is in the thick of the SSCS movement. We discussed why reducing exposures and vulnerabilities early in the coding process is no longer enough.

“True software supply chain security is about looking at the application in a holistic way just prior to deployment,” Rose observes. “Most software supply chain issues are novel, so looking for problems too early, before the code is compiled, won’t tell you much.”

Like everyone else, SSCS solution vendors are leveraging machine learning and automation – to focus quality checks and timely remediation in very specific lanes: on open-source components, microservices containers and compiled code, for instance. For a drill down, please give a listen to the accompanying podcast.

I’m looking forward to attending RSAC in person, after a couple of years of remote participation. No doubt there’ll be some thoughtful discussion about how best to protect software in our software-defined world.

I’ll keep watch and keep reporting.

GUEST ESSAY: The role advanced ‘VM’ is ideally suited to play in combating modern cyber attacks

By Chandrashekhar Basavanna

Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective.

Related: Taking a risk-assessment approach to VM

Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies. But VM vendors tend to focus more on software vulnerabilities and leave out everything else.

SecPod’s research shows some 44 percent of the total vulnerabilities in a typical IT infrastructure don’t have a Common Vulnerabilities and Exposures (CVE) designation.

The consequences of a cyber attack can be devastating, from a rapid drop in brand reputation to loss of business and sensitive data. Cyber attacks can also invite lawsuits and can even be fatal.

In addition to real-time protection, effective VM can also help with compliance at a time when regulatory frameworks such as NIST, PCI, HIPAA and GDPR impose ever more data security rules.