Successful companies are doing simulated attacks with their SOC teams monthly.

Edward Gately, Senior News Editor

January 13, 2020


The threat of Iran turning to cyberattacks on the United States could pose additional challenges and create new opportunities for MSSPs and other cybersecurity providers.

Tom Kellermann, head cybersecurity strategist at VMware Carbon Black and former cybersecurity commissioner for President Obama, told GlobalData he anticipates “significant and at times very serious cyberwarfare activity from Iran over the next few weeks.”

“I do think that this will be prolonged, that the cyberattacks against the United States will be prolonged,” he said. “They will mimic more of an insurgency than one-off massive attacks due to the nature of which Iranians have successfully burrowed into numerous U.S. critical infrastructures over the past couple of years, specifically in energy, and that backdoor and that footprint on those systems has yet to be fully eliminated.”

Debbie Gordon, CEO of Cloud Range Cyber, tells us it’s certainly possible that there will be an increase in attacks. There are specific industries that may be bigger targets, including financial, telecom and energy, especially with threats to critical infrastructure. Common threats may also focus on website defacement as well as attacks where data is deleted, she said.

So how can companies know if they have adequate protections in place?


Cloud Range Cyber’s Debbie Gordon

“Determine your security posture, including people, process and technology,” Gordon said. “Most companies focus too much on technology and overlook the other two. You don’t know what you don’t know; therefore, practice and see. Simulating cyberattacks in a protected environment using a cyber range ensures that everyone, from security analysts all the way to the CEO, knows exactly what to do and how to do it. Traditional tabletop exercises are not enough; simulation needs to start before a threat is even detected.”

Successful companies are doing simulated attacks with their security operations center (SOC) teams once per month using different attack scenarios to ensure that they are prepared for any type of threat, whether it is ransomware, website defacement, man in the middle, or a SQL injection attack, she said. Additionally, given that there are unknown threat vectors, analysts need to practice critical thinking in order to be prepared for the unknown.

“Because of the growing threat landscape, MSSPs can focus on increasing their understanding of potential threats by practicing detection, response and remediation against the increasing threat landscape,” Gordon said. “New and persistent threats from state actors and others constantly challenge MSSPs with continuing to develop the skills of their blue team operators that are tasked with protecting and securing the assets of their customers. The more they can be prepared, the more confident their customers will be. MSSPs should practice realistic simulation exercises using a cyber range in order to practice detection, response and remediation. In a simulated environment, they can measure improvements on detection and response times, which will give customers confidence that they are staying ahead of the increasing challenges.”

Additionally, successful MSSPs should work with their customers to simulate the handoff depending on where the MSSP’s responsibility ends and the customer’s begins — in terms of response and remediation, she said. They should simulate the handoff and, where response and remediation are the customer’s responsibility, practice closing the loop on the entire threat, she said.

Aside from having necessary technology and processes in place, the primary roadblock affecting most organizations continues to be the growing cybersecurity skills shortage and the lack of skilled cyber operators, Gordon said.

“MSSPs that are able to provide leading edge toolsets, IR processes, and are focused on hiring, upskilling and retaining highly qualified and specialized operators can significantly enhance their customers’ security posture, thus enabling customer organizations to better prepare for future attacks,” she said. “It is imperative that MSSPs have ongoing training programs for their analysts in order to keep them challenged and prepared as well as retain them in the competitive environment.”

Drew Lydecker, Avant’s president and co-founder, tells us with cyberwarfare there’s not just one silver bullet, but lots of them.

“Trusted advisers are training day in and day out with the latest and greatest technology to provide a level of service that no company can do on their own,” he said. “No company is out there trying to find the bad guys proactively because they don’t have the manpower or capabilities, but MSSPs are doing exactly that. From their breadth of customers, they are able to proactively hunt for threats, seeing the trends and predicting the types of threats that pose a risk to their customers. Having a trusted adviser on standby will help ensure that companies are more proactively preparing their security stack for the inevitable breach and have a strong disaster recovery plan in place to significantly minimize the impact of a breach.”

The biggest mistake in cybersecurity is following the status quo, Lydecker said. The playbook is no longer relevant and old tactics are putting companies and their customers at risk, he said.

“While the trusted adviser and MSSP movements are the smartest and most holistic ways to avoid and prevent cyberattacks, it’s also important to use common sense,” he said. “It’s also time to double down on physical security when hardware is based on-prem. It’s similarly critical to make sure that your teams are fully trained to avoid phishing attempts and other tactics to gain access to your networks.”

Darktrace Expands Email Security

Darktrace has expanded its platform to cover additional email systems including G Suite and Microsoft Exchange.

Antigena Email, launched a year ago for Office 365, has proven a “powerful defense” against a wide variety of digital fakes, as well as account hijacking, email spoofing and targeted email attacks, the company said.

Darktrace’s AI forms an evolving understanding of normal user behavior across a business’ digital infrastructure, combining users’ network patterns and browsing behavior with email communications and identity metrics for each individual in an organization.

Armed with this knowledge, Antigena fights back against email-based threats that bypass tools which only analyze email traffic, the company said. These include supply chain attacks, hijacked accounts, AI attacks, and other advanced forms of targeted attacks.

Mariana Pereira, Darktrace’s director of email security products, tells us this expansion will be a “huge opportunity” for her company’s partners.


Darktrace’s Mariana Pereira

“Email security has been the unsolved piece of the security puzzle, with threats consistently bypassing most legacy security tools that rely on rules or signatures, or which are limited in their ability to only analyze email traffic,” she said. “Many organizations are still on the search for an email product that will enable them to stay one step ahead of increasingly advanced attacks. With this offering, our partners can now offer their customers the power of AI-powered threat detection and autonomous response across an entire digital business, including cloud, IoT devices, industrial control systems, Office 365, G Suite and Microsoft Exchange.”

Since Darktrace announced Antigena Email for Office365 at RSA last March, adoption across its customer base has been “tremendous,” Pereira said. Many customers already have expressed interest in G Suite and Exchange offerings following internal customer communications, she said.

“I anticipate our partners will also see high levels of interest in this exciting new technology,” she said. “This expansion to G Suite and Microsoft Exchange means that more companies will be able to leverage this novel approach. In the face of increasingly advanced and targeted attacks, more and more companies are realizing that this type of intelligent security is critical in enabling them to stay one step ahead of attackers.”

SMBs Ignoring Cybersecurity When Adopting AI

From inventory management, data analytics, office assistance and more, AI can take on a massive role, even within the smallest businesses.

However, Zix-AppRiver’s Q4 2019 CyberThreat Index for Business Survey revealed that education around this technology is clearly necessary prior to widespread implementation among SMBs. The survey polled more than 1,000 cybersecurity decision makers within U.S. SMBs covering a diverse range of industry sectors.

While 88% of the SMB leaders reported high levels of interest in adopting AI within their business, 70% of those interested leaders were not aware of potential cybersecurity risks that could accompany its use. The survey also revealed:

  • Fifty-four percent of all SMBs interested in AI will move forward with adoption despite the known risks, as they believe the benefits outweigh the risks.

  • Eighty-two percent of SMBs in the sensitive government sector were unaware of security risks associated with AI, but more than half of them still plan to adopt regardless.

  • Thirty-two percent said they already are aware that AI carries potential cybersecurity risks, but will move forward with adoption as they believe the potential benefits and opportunities outweigh the risks.

  • Including those who are currently unaware of AI security risk potentials but are eager for its adoption regardless, 62% of all who are interested will continue to consider AI adoption in spite of its potential risks.

  • In each of 14 key verticals represented in the survey, IT decision makers who plan to pursue AI adoption in spite of its security risks outnumber those who would reconsider because of the risks.

Troy Gill, manager of security research at Zix-AppRiver, tells us there is potential for risk associated with just about any AI implementation. An AI system that is being relied upon for cybersecurity purposes also is not devoid of risk, he said.


Zix-AppRiver’s Troy Gill

“One example of this is something we have observed for nearly two decades now, poisoning Bayesian machine learning (ML) email classifiers and more recently with neural networks,” he said. “This is a risk presented by an adversary that, when successful, can significantly degrade the accuracy of a classifier, which in this case is providing a security control. In a system that is overreliant on this classification, it could lead to false negatives and misclassified threats. Manipulating the inputs of the training set in an ML system could have nearly endless possibilities as AI/ML is adopted for many different uses. In many cases these AI systems are given the role of decision maker, and in a situation like the one described above it can begin making incorrect decisions which, if not closely monitored, can go undetected for a long time.”

Also, the training sets and models themselves often can contain a large amount of private data that needs to be closely guarded as it potentially could provide an attacker with a trove of sensitive data, Gill said.

So what should SMBs be doing to protect themselves while implementing AI? 

“Be careful not to give too much decision-making power to an AI system and create a single point of failure,” Gill said. “Ensure that proper oversight is in place to ensure the system is performing optimally. Guard data sets used by AI heavily to avoid unintended exposure of the large data sets.”
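The poisoning risk Gill describes, and the oversight he recommends, can be made concrete with a small Bayesian email classifier. The following is an added example written for this article; it is not code from Zix-AppRiver or from any product the piece mentions. It trains a naive Bayes spam filter on a constructed corpus, then shows the check a defender would put in front of every retraining cycle: a candidate batch of new training data (for instance user feedback, which is exactly where mislabelled samples can enter) is only accepted if accuracy on a held-out set that never touches training does not regress. A clean batch passes; a batch of spam mislabelled as legitimate mail is rejected because the held-out accuracy falls. All messages, labels and the `max_drop` threshold are assumptions chosen for illustration.

```python
"""Added example (not from the article or Zix-AppRiver): a minimal naive Bayes
email classifier plus a retraining gate that implements the "proper oversight"
Gill recommends. A candidate training batch is accepted only if accuracy on a
held-out validation set does not drop, so mislabelled (poisoned) feedback is
caught before it degrades the security control.
All messages and labels below are constructed sample data."""
import math
from collections import Counter

SPAM, HAM = "spam", "ham"


def tokenize(text):
    return text.lower().split()


class NaiveBayes:
    """Multinomial naive Bayes with add-one smoothing (a classic Bayesian spam filter)."""

    def __init__(self):
        self.word_counts = {SPAM: Counter(), HAM: Counter()}
        self.doc_counts = Counter()
        self.vocab = set()

    def train(self, samples):
        for text, label in samples:
            tokens = tokenize(text)
            self.word_counts[label].update(tokens)
            self.doc_counts[label] += 1
            self.vocab.update(tokens)

    def log_posterior(self, tokens, label):
        # log P(label) + sum log P(token | label), unseen tokens get the smoothed floor
        total = sum(self.word_counts[label].values())
        denom = total + len(self.vocab)
        logp = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for tok in tokens:
            logp += math.log((self.word_counts[label][tok] + 1) / denom)
        return logp

    def predict(self, text):
        tokens = tokenize(text)
        return max((SPAM, HAM), key=lambda lbl: self.log_posterior(tokens, lbl))


def accuracy(model, samples):
    correct = sum(model.predict(text) == label for text, label in samples)
    return correct / len(samples)


def gate_retrain(baseline, held_out, candidate_batch, max_drop=0.1):
    """Oversight check: retrain on baseline + candidate batch and compare held-out
    accuracy with the current model. Returns (old_acc, new_acc, accepted).
    max_drop is an assumed tolerance; a real deployment would tune it."""
    current = NaiveBayes()
    current.train(baseline)
    candidate = NaiveBayes()
    candidate.train(baseline + candidate_batch)
    old_acc = accuracy(current, held_out)
    new_acc = accuracy(candidate, held_out)
    return old_acc, new_acc, (old_acc - new_acc) <= max_drop


# Constructed baseline corpus (labels are correct).
CLEAN_TRAIN = [
    ("win free prize claim now", SPAM), ("free money click here now", SPAM),
    ("claim your free prize today", SPAM), ("urgent click to win money", SPAM),
    ("cheap offer buy now free", SPAM),
    ("meeting agenda for monday attached", HAM), ("please review the quarterly report", HAM),
    ("lunch tomorrow with the team", HAM), ("project status update attached", HAM),
    ("can we reschedule the meeting", HAM),
]
# Constructed held-out set: never used for training, only for the gate.
HELD_OUT = [
    ("free prize waiting claim now", SPAM), ("click here to win free prize now", SPAM),
    ("agenda attached for monday meeting", HAM), ("quarterly report review tomorrow", HAM),
    ("cheap offer buy now", SPAM), ("can we reschedule lunch", HAM),
]
# Constructed candidate batches: one correctly labelled, one where spam has
# been fed back as "ham" (the training-set manipulation Gill describes).
CLEAN_BATCH = [("free vacation offer click now", SPAM), ("notes from the project meeting", HAM)]
POISONED_BATCH = [
    ("free prize click now", HAM), ("win free money now", HAM), ("claim free prize here", HAM),
    ("click to win free prize now", HAM), ("free money claim now", HAM),
    ("claim your free prize now", HAM), ("win free prize click here", HAM),
    ("free prize money claim now", HAM),
]

if __name__ == "__main__":
    for name, batch in (("clean batch", CLEAN_BATCH), ("poisoned batch", POISONED_BATCH)):
        old, new, ok = gate_retrain(CLEAN_TRAIN, HELD_OUT, batch)
        print(f"{name}: held-out accuracy {old:.2f} -> {new:.2f}, accepted={ok}")
```

The gate only works if the held-out set is curated and kept out of the feedback loop; if an adversary can also influence the validation data, the check silently degrades along with the model. In practice the same comparison would be run per retraining job and alerted on, rather than trusted to a single threshold.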

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
