Careless insiders are a significant source of IT security threats in their agencies.

Edward Gately, Senior News Editor

March 8, 2019

9 Min Read
Security Roundup
Shutterstock

San Francisco is ground zero for the fight against cybercrime as more than 50,000 attendees, including MSSPs and other cybersecurity providers are at this week’s RSA Conference.

Cybersecurity providers are making the most of the event by announcing new products and services, as well as latest research on threats and strategies for fighting cybercriminals.

Among the announcements were new research by SolarWinds, Optiv’s new service, eSentire’s funding boost, Malwarebytes’ new management console for MSPs, and CrowdStrilke’s mobile device protection.

SolarWinds Gauges Federal Cybersecurity

When it comes to federal government cybersecurity, the risk posed by careless, untrained insiders and foreign governments is at an all-time high, and yet for the most part IT pros feel like their agencies are doing a good job with their IT security.

That’s according to SolarWinds‘ fifth Federal Cybersecurity Survey. In December and January, independent research firm Market Connections surveyed 200 IT security professionals in U.S. federal civilian and defense agencies on behalf of SolarWinds.

To discuss the findings, we spoke with SolarWinds “head geek” Destiny Bertucci.

Bertucci-Destiny_Solarwinds.jpg

SolarWinds’ Destiny Bertucci

“The government has traditionally ‘led the way’ when it comes to cybersecurity, paving the adoption of best practices like those outlined by the National Institute of Standards and Technology (NIST) framework,” she said. “However, as our newest federal cybersecurity study shows, the people piece of security is still the weakest link, despite the commitment to following these types of regimens.”

Fifty-six percent of respondents believe careless insiders are a significant source of IT security threats in their agencies, compared to 42 percent five years ago when SolarWinds first ran this survey.

“And much of this came from contractors,” Bertucci said. “This mostly centered around ‘oopsies’ like inadvertently sharing data or passwords. The government certainly isn’t alone in this challenge and the need for increased education and training is clear, in addition to more stringent monitoring and access rights management.”

In addition, perceived threats from foreign governments have gone up, with more than one-half (52 percent) of survey-takers calling them significant threats, compared to 34 percent five years ago. Nation-state actors are leveraging the democratization of technology like the rest of the bad guys, and the ability to effectively fight them is requiring more and more sophisticated approaches.

“MSSPs and cybersecurity providers can play a key role in helping to plug some of the gaps identified in the survey,” Bertucci said. “The shift to a hybrid IT environment is something we’re seeing more and more of across larger enterprises who are quickly realizing they need some help. In addition, it’s important to remember that many agencies operate much like a SMB, working with tight budgets and reduced staff. Partnering is an excellent model to ensure the most efficient and effective cybersecurity defenses.”

When it comes to contractors, about half of respondents agreed that better security training, multifactor authentication, restricted device use and better data/systems monitoring are needed to help reduce that risk, she said.

“This is where providers can come in to help deliver these types of services and technologies,” Bertucci said. “There’s always more to do because the challenges associated with cybersecurity aren’t going away. The best thing that cybersecurity partners can do to help protect government agencies is …

… to first and foremost – listen – and understand what they need. Security isn’t a one-size-fits-all model.”

Respondents believe their organization’s tools, policies and practices are effective at reducing risk based on Center for Internet Security (CIS) framework controls. Improved strategy, a concerted effort to apply security best practices, end-user security awareness training, and intrusion detection and prevention tools all contributed to the successful risk management of threats posed by careless insiders.

Key contributors to risk management of threats posed by malicious insiders include employee background checks, patching and network traffic encryption.

“The most important thing that any enterprise, government or commercial, can do to help thwart the threats posed by careless and untrained insiders is to remember to pay attention to the basics,” Bertucci said. “Fundamentally, good cyber hygiene and training are going to go the farthest to help keep both the true bad guys and what we could call accidental hackers at bay. This is why the NIST framework and CIS critical security controls (developed by the SANS Institute) are so valuable to learn proper techniques to help us stay ahead of the bad guys while educating our teams and users within.”

Optiv Unveils Risk Transformation Service

Optiv Security has launched a new service designed to help organizations develop cybersecurity programs and manage risk.

Designed to enable clients globally to better evaluate current risk against acceptable risk, Optiv’s Risk Transformation Service offers two options:

  • The Enterprise Risk Transformation Service helps organizations execute on risk transformation based on business objectives, results of an existing strategy or assessment, and a list of desired improvements or future mode of operation. This service includes program management, quality assurance and oversight over all or parts of a transformation or remediation initiative.

  • The Quickstart Risk Transformation Service enables midsize organizations to get started with a risk-centric model for cybersecurity and helps them in the first steps of executing their transformation road map. Optiv helps these clients set and execute a strategy, engaging with them from start to finish.

Dustin Owens, Optiv’s vice president and general manager of risk and compliance advisory, tells us one of the outcomes of the service is a “streamlined security and risk program.”

Owens-Dustin_Optiv.jpg

Optiv’s Dustin Owens

“Most organizations aren’t fully using the technologies they’ve bought to help secure their critical data,” he said. “When those tools aren’t being utilized, there’s a significantly greater risk of decreased customer satisfaction and the technology either being replaced or pulled out of the environment entirely. Our [service] helps increase greater adoption of tools by identifying features and functionality of solutions and mapping them to technologies that clients may already have in place, but which they may not be utilizing to decrease operational risk. Finding these areas of improvement helps partners increase the ‘stickiness’ of their solutions.”

The service may also uncover gaps that may be corrected with solutions a client may not have, Owens said.

“Any partner could benefit based on the needs identified through the service, but integrated risk management (IRM) solutions will see the biggest impact,” he said. “Without a platform to run the program, the result isn’t a true IRM program.”

eSentire Gets $47 Million Funding Boost

eSentire has raised an additional $47 million in funding led by majority investor Warburg Pincus and minority investors Georgian Partners and Edison Partners.

eSentire said it plans to use the money to …

… accelerate its innovation in managed detection and response (MDR) with artificial intelligence (AI).

Braden-Chris_eSentire.jpg

eSentire’s Chris Braden

Chris Braden, eSentire’s vice president of global channels and alliances, tells us the latest round of funding will “enable us to continue our rapid and focused investment in our partner programs, portals and platforms that drive automation to make delivering solutions to customers more effective and efficient for our partners.”

“Our partners play a key role in our go-to-market strategy and driving innovation in our programs,” he said. “They represent access to numerous markets – horizontal, vertical and geographies – as well as [the ability to] enable scale and efficiency. Innovation can be seen in our partnerships with Sumo Logic, Carbon Defense and a soon-to-be-announced product with Cyxtera.”

Organizations are adopting MDR to process massive amounts of data, providing full threat visibility and response to protect their assets, according to the company.

eSentire also announced esINSIDER, a new cloud-based AI engine that proactively hunts long-term, sophisticated adversaries and insider threats within customers’ environments. eSentire’s 400-plus security engineers paired with esINSIDER deliver detection and disruption of insider and persistent threats, protecting customers and their digital assets.

Malwarebytes Unleashes OneView

Malwarebytes has launched a new management console for MSPs to protect, monitor and remediate their customer bases.

Initially piloted in Australia, Malwarebytes OneView represents a new segment of growth for the company, expanding its portfolio to MSPs looking to expand their security capabilities. By incorporating Malwarebytes’ offerings into an existing services portfolio, providers can increase their customers’ security postures, while cost-effectively maintaining control of their operating margins, the company said.

“Our MSP product expansion is the natural next step for Malwarebytes as we continue to experience rapid adoption across a wide array of customers,” said Barry Mainz, Malwarebytes’ chief revenue officer. “Our end-user evangelists often are the ones to bring Malwarebytes into organizations, and by partnering with MSPs, we make enterprise solutions easier to deploy and manage more than ever before.”

“As an IT services provider, we were noticing that our customers were facing increasingly sophisticated attacks that were very costly for our team to remediate, and our existing tools weren’t cutting it,” said Graeme Wilson, network operations manager at Sentrian. “Malwarebytes has enabled us to eliminate the time and cost of remediation. During our pilot with Malwarebytes, we were impressed with the protection, visibility and ease of management provided, in addition to competitive pricing, customizable services and excellent support to give us a competitive advantage.”

CrowdStrike Unveils EDR Offering for Mobile Devices

CrowdStrike this week announced Falcon for Mobile, an enterprise endpoint detection and response (EDR) solution for mobile devices.

Based on CrowdStrike’s EDR technology for enterprise endpoints, Falcon for Mobile enables security teams to hunt for advanced threats on mobile devices and provides visibility into malicious, unwanted or accidental access to sensitive corporate data, while protecting user privacy and without impacting device performance.

The mobile solution also integrates Falcon threat intelligence to provide guidance in mobile threat-hunting activities, and Falcon OverWatch to proactively hunt for threats on mobile devices around the clock.

“We continue to expand the capabilities of the CrowdStrike Falcon platform, leveraging its cloud-native architecture built to protect the endpoint and stop the breach on every platform — workstations, servers, cloud workloads, containers, and now also mobile devices,” said George Kurtz, CrowdStrike’s co-founder and CEO. “With today’s announcement of Falcon for Mobile, customers will be able to leverage the industry-leading features of the CrowdStrike Falcon platform – EDR, managed threat hunting, single agent architecture, and massive threat telemetry – to effectively defend enterprise mobile devices.”

Read more about:

MSPs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like