[Column] Brandon Rochat: Extending XDR to the Cloud

Can you rely on the big providers for detection and response in a cloud-first world? Looking back, organisations once relied on internal networks with internal applications. But as companies began to invest in their cloud journeys, moving applications and data online, the need for extended detection and response – or XDR – became apparent.

The evolution of detection and response has gone from signature-based anti-virus solutions (AVs) to intelligence-based or next-generation AVs at the endpoint protection platform (EPP) layer. The detection and response (DR) layer has become increasingly complex, using technology like artificial intelligence, machine learning, big data analysis, automation and security threat feeds in the background to stay ahead of threat actors.

Detection and response has gained a lot more intelligence over the years because our adversaries have gained more intelligence. Companies need to keep pace with cybercriminals, or get ahead of them, when it comes to detecting and responding.

But it is not cloud which is changing detection and response. The concept of detection and response doesn’t change whether you’re on-cloud or on-network; it’s where the customers are moving to that matters most. What many businesses fail to realise is that being in the cloud isn’t more secure or cheaper.

As companies shift their core applications, data and workloads to the cloud, they will still need to invest in detection and response solutions that reduce the time it takes to investigate and recover from enterprise-wide cyberattacks.

Most big cloud providers have a shared responsibility model. What this means is that your security team still maintains some level of responsibility. The cloud provider will physically secure your technology and equipment but not necessarily your data. If you don’t read the terms and conditions, you may be caught out.

What is the responsibility of the cloud provider and what responsibility lies with the end user, your security team, your CISO?

While the cloud is secure, detection and response remains critical, especially when it comes to compliance (be it GDPR or even the POPI Act). Data needs to be protected in accordance with laws and industry standards. Extending detection and response to the cloud in today’s security landscape requires XDR: being able to succinctly analyse different threat feeds as quickly as possible in order to deliver the right information to security analysts.

We call it a malicious operation. It doesn’t make a difference where the data is coming from – firewalls, a cloud application, an internet of things device – it’s how you deal with it. When you partner with the right people, detection and response is not a difficult part of the cloud journey. When business operations move to the cloud, it’s important to question how security operations will become affected. What will your security landscape look like?

As cybercriminals become smarter, the security landscape becomes more complicated. Defending an organisation against threat actors is increasingly complex when the perimeter keeps shifting. While the coronavirus created a perimeter shift with so many people working from home, cloud started the concept.

The perimeter is getting further and further away from traditional security. Firewalls are no longer the most important security piece in your network. The endpoints are becoming a bigger problem – they’re evolving and no longer sit inside a traditional network. It’s creating complexity, not necessarily for the security industry but for companies who have taken their data to the cloud.

Ultimately, XDR is not just for the cloud. It is for anywhere that there is an endpoint connected that could be a threat, because the endpoint is anywhere the user is. This is also why companies like Google are collaborating with and investing in external security vendors to improve their detection and response capabilities.

It is complex, especially if you’ve been working with legacy security solutions that can’t walk that cloud journey with you. But it is important to remember that the cloud is just a journey that corporates and customers are moving towards. Detection and response needs to follow.

Brandon Rochat is the sales director for Africa at Cybereason.

[South Africa] Google Cloud and Cybereason Join Forces to Drive XDR Innovation

Cybereason, a leader in operation-centric cyber attack protection, and Google Cloud have announced a joint collaboration between the two companies to create and bring to market unprecedented Extended Detection and Response (XDR) across endpoints, networks, cloud and workspaces at record-setting speed.
 
Cybereason delivers the most comprehensive protection available on the market today, analysing more than 23 trillion security-related events per week — five times the volume of any other solution in the market. Using its patented Malicious Operations (MalOps™) engine, Cybereason reveals the full attack story across every device, user identity, application and cloud deployment.
 
Meanwhile Google Cloud’s cybersecurity analytics platform Chronicle ingests, normalises, and analyses petabytes of data from the complete IT environment on planetary-scale infrastructure.
 
The combination of these capabilities delivers a cloud-native XDR solution, Cybereason XDR powered by Chronicle, that automates prevention for common attacks, guides analysts through security operations and incident response, and enables threat hunting with precision at a pace never before achieved.
 
“Google Cloud’s ability to hunt through petabytes of data at the speed of search, combined with Cybereason’s revolutionary correlation capabilities and behavior-based detections delivers unparalleled speed and accuracy in the prevention, detection, and response of advanced attacks,” said Cybereason CEO and co-founder Lior Div.
 
“We founded Cybereason with a mission to reverse the attacker’s advantage and return the high ground to the defender, and we are excited to have Google Cloud partner with us in furthering the success of this mission.”
 
Cybereason has succeeded in protecting customers and experienced impressive growth over the last year, being recognised as a leading innovator by respected third-party organisations.

Where many solutions failed, Cybereason protected customers from headline-making attacks like SolarWinds, the Microsoft Exchange Server attacks, and crippling ransomware attacks from DarkSide, REvil and other ransomware gangs.
 
That level of protection is why Cybereason was recognised on the CNBC 2021 Disruptor 50 list, and received top scores across every aspect of testing in the MITRE Engenuity ATT&CK Evaluations.
 
“Google Cloud is dedicated to delivering the industry’s most trusted cloud to accelerate customers’ digital transformation efforts with security products that meet them wherever they are. Cybereason continues to disrupt the market and deliver on their vision for a future-ready extended detection and response defense platform,” said Thomas Kurian, CEO, Google Cloud.
 
“We’re excited to partner with Cybereason to help customers quickly secure their hybrid and cloud environments with the combined capabilities of Google Cloud and Cybereason’s XDR services.”

www.cybereason.com

Cloud usage drives cybersecurity spending, SANS 2020 report

The rapid migration to cloud-based technologies is the biggest disrupter worldwide of operations and a key driver when organisations plan their spending increases, according to the results of the latest SANS 2020 Cybersecurity Spending Survey.

“The SANS survey showed that rapid movement of corporate services and business applications to cloud-based technology is the biggest factor causing breakage in existing security architectures as well as driving most new security spending,” says John Pescatore, SANS Director of Emerging Security Trends. “Cloud monitoring and cloud security access controls were the top two spending areas, followed by spending to increase security staff skills to deal with new technologies, such as the cloud, and to keep up with changes in regulations as well as new threats.”

Slightly more than 50% of respondents ranked the increased use of public cloud infrastructure-as-a-service (IaaS) implementations as the biggest disrupter to security programs in the next 12 months. Based on that, 71% of respondents reported seeing a need to increase spending on cloud security monitoring, followed by cloud access security broker (CASB) and other cloud-specific tools (53%), staff skills training (52%) and strong authentication (46%).

Overall, 57% of respondents feel that out of people, process and technology, an increased investment in people would provide the biggest improvement to their overall security posture, followed distantly by process (19%) and technology (18%).

“Managers see increased and refreshed skills in their existing staff as being significantly more critical than simply increasing headcount,” according to Barbara Filkins, SANS Analyst Program Research Director and author of the report. “The fact that respondents prioritise increasing staff skills significantly over increasing headcount to deal with ‘disruptive technologies,’ especially when faced with escalating privacy regulations—and fines—worldwide, is not surprising. Business use of IaaS and hybrid cloud requires re-architecting security controls and integrating with CI/CD methodologies.”

In a series of follow-up interviews with selected survey respondents, security managers recognised the need for “upskilling” to increase retention rates, which improves both effectiveness and efficiency. Increased skills around new technologies and new security techniques are also required to enable any use of security automation technologies, which were not highly cited for spending increases in 2020.

Strong authentication, the fourth most highly cited area of planned new spending, points to the recognition that the majority of damage from breaches and ransomware attacks in the past year was enabled by the use of reusable passwords that were easily captured via phishing attacks. CEOs and boards of directors are backing security teams in overcoming obstacles to implementing multifactor authentication.

The report can be downloaded from the SANS website.

www.sans.org

[Column] Nixon Kanali: Moving to the cloud can help African business stay secure from cyber threats

A few years back I got the chance to attend the East African Cloud Summit, organised by the University of Nairobi’s C4DLab in collaboration with Microsoft. The summit was on cloud computing and how it can be used to improve societal growth and transformation.

One of the panellists present during the summit was Dr. Bitange Ndemo, a former Permanent Secretary in the Ministry of ICT who is currently heading a 10-member taskforce on blockchain and artificial intelligence in Kenya. Dr. Ndemo spoke widely on cloud and why most African organisations, and even SMEs, are still scared of moving into the cloud. He said most of these companies feel unsafe with their data being in the cloud, since they believe that with the data being in the cloud they will be sharing it with other people.

Dr. Ndemo also noted that most of these organisations lack information about the importance of moving to the cloud. I remember asking the panel what needs to be done to convince these organisations or SMEs that the cloud is indeed a safe place to store their data, and Dr. Ndemo joked that the only thing that can be done is pray for them. Well, one thing was clear though: more awareness and facts need to be given to these organisations. One thing they emphasised is that moving into the cloud is not about sharing, it’s about accessibility.

Moving to the cloud can help businesses stay secure from cybercrime threats. In an interview I once had with Kaspersky Lab Channel Sales Manager for East Africa, Bethwel Opil, on the state of cybersecurity in the country, it was evident that there were so many gaps to be filled. Most organisations are not investing in this sector. It’s either they don’t have the personnel or don’t even care at all. The cloud could help them fill these gaps and stay secure from online threats.

With the threat of cyber-crime and insider fraud on the rise, Kenyan companies should be looking towards cloud applications as one means of improving the security of their IT environments. In his experience, Opil said, CIOs and/or CISOs are starting to understand how serious cybercrime is becoming in Kenya, and the realities around cybercrime and the impact it can have on a business – not only from a data loss point of view but also from a reputational one. Kenyan organisations are wrestling with the growing danger posed by threats such as malware, hackers, and theft of computing devices.

The cost of cybercrime is mounting. Cloud computing improves IT security, and security professionals and African organisations need as much help as possible. Cloud helps security operations respond quicker to threats, helping organisations to focus on business risk as opposed to spending thousands of hours researching threats.

Cybercriminals are becoming very skilled and are placing a strong focus on the business market, given the financial gain it can offer them. Ransomware that targets businesses, for example, is becoming more widespread and more sophisticated. Cybersecurity is therefore not an issue that only IT people should take into consideration. The reality is that it concerns everyone – consumers, home users and their families, small businesses and large organisations, including governments.

Moving to the cloud should, therefore, be a top priority for African organisations.

Nixon Kanali is the Tech Editor for the African Business Communities.

[Column] Christine Ambetsa: Data Security; embracing autonomy and intelligent machines

The National Cybersecurity Centre (NCC) detected over 3.8 million cyber threats between July and September 2018 according to the Communications Authority of Kenya’s first quarter sector statistics report for 2018/19.

CIOs are operating in a state of heightened awareness. Their mission-critical systems are increasingly under threat from constantly evolving viruses and hacks, making it tougher than ever to defend the lifeblood of their business – data.

The threats detected ranged from denial-of-service (DoS) attacks, including botnet and brute-force attacks that led to denial of computer services and illegal access to computer systems, to online impersonation via social media accounts and domain names, malware (including phishing attacks) and online abuse such as online fraud, to name a few.

Unsurprisingly, nearly a third of Kenyan CIOs state that their key focus area is advanced security solutions, the second highest priority listed after disaster recovery and business continuity.¹

Security is hard

Simply put, security is hard. Much of it comes down to the way IT has evolved – as an open environment. For years, people and businesses have purchased disparate products, disparate servers, disparate operating systems and disparate databases and then connected them all together. The unintended and unfortunate result is that a great many individual pathways have been opened up in the corporate system.

As a result, what’s sprung up around these corporate systems is a cyberspace battlefield, in which nobody is safe. Even IT professionals are combatants on that battlefield, tasked to make the right security choice every day, because if you don’t, you’re putting the future of the business at risk.

Adding even greater significance to the security mandate today is the advanced and persistent nature of today’s threats. Malicious actors are seemingly always one step ahead, and in order for enterprise security forces to do their job, they must exercise constant vigilance and innovation.

So how can businesses move forward with confidence and continue to build their data assets, while at the same time facing up to the barrage of security threats?

A new kind of defence

The answer is a new kind of defence; one that pits machine against machine so that organisations have a nearly impenetrable barrier to protect their data and their cloud.

Hackers are already wise to the power of letting machines do the work. Right now, for many organisations this battle takes the form of their malicious bots versus your people trying to defend from inside the business. But in this scenario of machine versus man, which do you think is faster? Who do you think will win?

To give your business a fighting chance in protecting its data, you need a defence system that’s completely automated, and even autonomous. With autonomous data management, database threats can be discovered automatically and then repaired. No human beings are involved. Patches are immediately applied while the database is running, which means you don’t need to wait around to find a window of downtime. This is essential for protecting your data on-premise and in the cloud.

Security in the cloud

The current state of cloud defence, in many cases, is just not good enough – not even close. The smartest technology companies are routinely penetrated, as we’ve seen in the unending stream of media stories about businesses having vast quantities of their data stolen. Even the most security-conscious government agencies are also vulnerable.

And because organisations don’t exist in isolation, protection is needed both within the company and without. So the cloud or clouds they run on also need robust cyber defences using the latest artificial intelligence and machine learning technologies to find threats and kill them, to search and destroy. Again, the only way to win is to make the battle robots versus robots. It’s the only way to protect the cloud infrastructure without having both hands tied behind your back.

The good news is that the government intends to focus on emerging technologies such as blockchain, artificial intelligence, the Internet of Things (IoT), cloud solutions and data analytics; this pronounced focus will be a key driver for the local ICT market according to the IDC’s Kenya Enterprise ICT Market Outlook for 2018 and 2019.

Time to let machines take the lead

We’re already seeing some companies turning to systems like the autonomous database for better protection – and without the additional overheads.

Take National Pharmacies, an Australian pharmacy chain, for instance. The company has to be able to move its data at speed for life-saving insights, but needs autonomous capabilities to keep protecting its database without human intervention, as it can’t risk loosening any security or privacy practices at any point.

So, with attacks becoming more frequent, attackers getting smarter and business data more vulnerable, it’s time to let machines take the lead on the cybersecurity battlefield. In doing so, companies will then have at their disposal the most advanced tools in order to fight – and win – against the most advanced threats.

Christine Ambetsa is the Regional Applications Sales Leader – East Africa at Oracle.