Innovations in one platform ensure the full potential of defensive capabilities, says Michal Ostrowski, SecureVisio
Q: Ostrowski, you are a regular attendee at the InfoSec conference. Two years ago you said that “if someone attacks you with a rifle, it’s not the gun that’s the problem, it’s the attacker, and that any intervention should be the result of human action, not relying on the automatic response of the system.” Do you still think so today, when automation and artificial intelligence have an ever-increasing role on both sides of the barricade – for both attackers and defenders? What has changed in the cybersecurity landscape in recent years?
ANSWER:
I don’t think that these two thoughts contradict each other. Both elements are very important. The human element is crucial to understand the reasons for the attack, the profile of the attacker, the risk level. And then you have all the automation, AI, machine learning – all these great tools that help automate operations wherever you can automate them. My comment from 2 years ago was specifically about targeted attacks, mostly performed by APT groups. You need to gain strategic knowledge that’s very often not even technical. That part needs to be done by a human. At the same time you need to use automation in a smart way, for example to be able to protect yourself from the same kind of attack in the future. Modern cyber resilience solutions use threat intelligence feeds, ingesting them into their SIEM, SOAR or UEBA. However, a huge part of threat intel is gathered manually by human beings.
Q: Many research organizations are trying to calculate the damage that cyber incidents cause to businesses. Leaving aside how accurate these calculations are – the numbers usually vary widely – the more important question is how can businesses actually reduce the risk and damage from security breaches? Automatic real-time business impact analysis, taking into account the business context of events – tell us more about this unique feature of SecureVisio?
ANSWER:
First of all, one of the fundamentals of cyber risk management is the assumption that there are no two companies with exactly the same risk profile. There might be a common ground, especially in the same lines of business, but there is always your personal risk profile. Your risk DNA. Understanding what those risks are, quantifying them, mapping your most important assets – your crown jewels – and then assigning an acceptable risk level to each segment of your infrastructure are all a foundation for effective risk management.
SecureVisio has a unique ability to auto-discover assets in the infrastructure and assign risk levels to them. It also allows a user to assign their own risk to each and every asset. Our Integrated Risk Management Module within SIEM makes sure that correlation rules automatically include the information about new business processes and sensitive data. The entire system is designed to help automatically calculate the risk level based on an individual profile of the organization.
Q: Is cyber resilience the new buzzword? Your lecture at InfoSec 2024 is on this topic and in particular the Holistic Approach to Cyber Resilience. What does cyber resilience mean and how can organizations achieve it?
ANSWER:
Cyber resilience refers to an organization’s ability to anticipate, withstand, recover from, and adapt to adverse conditions in the cyber environment. What’s important is that the term not only applies to defending against cyber attacks but also to system failures, data breaches and all the potential disruptions that could compromise confidentiality, integrity or availability of data. During my lecture I will focus on a framework called CTEM – Continuous Threat Exposure Management. The biggest difference between legacy and modern solutions in their approach to cyber security management is that the old ones rely on periodic assessments or point-in-time evaluations. Modern solutions should be able to provide ongoing visibility to ensure that identifying vulnerabilities and risks is done constantly, leading into improving the cybersecurity posture. CTEM provides us with a methodology to effectively combine tools and processes to do that.
Q: Client organizations typically face a dilemma: whether to rely on fully cloud-based cybersecurity solutions or on-premise deployments. You, at SecureVisio, support both types of solutions. What do you advise customers when choosing a solution – when is the cloud appropriate and in which cases is local implementation preferable? Is the trend toward cloud security as a service irreversible?
ANSWER:
The on-premise vs cloud dilemma is multi-layered. Each organization is different, so it needs to take into consideration the following:
- Security requirements – each organization has different security requirements, compliance obligations, data sensitivity and risk tolerance.
- Resource constraints – what is the budget, what is the level of in-house expertise.
- Risk assessment – what are the potential threats associated with both on-premise and cloud solutions.
There are situations when data needs to stay inside – certain government institutions, matters of national security, financial organisations, key critical infrastructure companies – those are the examples where it would be very difficult to send everything to the cloud. On the other hand, if a company has a sufficient operational budget and is not concerned with risks associated with sending data to the cloud, doing that could significantly improve their security operations.
We at SecureVisio understand that sometimes data needs to stay inside. Hence the fully on-premise solution. In the second half of this year we will also be able to provide our customers with the cloud version of our platform.
Q: We learned from the InfoSec organizers that “the icing on the cake” this year was the decision-making simulation game “Cyber Fortress”, which provides cybersecurity training through gamification. Could you lift the curtain on this fun challenge for conference attendees?
ANSWER:
SecureVisio is a proud sponsor of the Cyber Fortress simulation game for the conference attendees. The game is about building the most resistant ICT cyber security system and responding effectively to various threats from cyber space. The participants are divided into teams with predetermined budgets to spend on various products and services. During each round teams have to defend against attacks and score points.
I have taken part in several CyberFortress events and it has always been a super exciting way for cyber security professionals to exchange opinions and compete.
Q: What is the current state of innovation in cybersecurity and how important is innovation in cybersecurity?
ANSWER:
Innovation is not only important but it’s essential for addressing the evolving landscape of threats and malicious actors. There is a saying that the attackers move at the speed of light and the defenders at the speed of law. That’s why it’s crucial for defenders to innovate at a higher speed than the attackers.
Recently George Kurtz, the CEO of CrowdStrike, stated during one of his interviews that there is a fundamental difference between innovation and acquisition and the latter can be a huge pain for customers because it results in having to manage isolated solutions and multiple platforms.
What we have seen over the last few years is that it is much easier for large companies to acquire smaller ones in order to acquire a missing functionality than to develop the same functionality on their own. That trend then results in a situation where theoretically one vendor is able to provide a customer with a full set of functionalities but not within one platform, not within one console. With huge amounts of data, volume of modern threats, the necessity to respond within seconds, using isolated tools to defend against threat actors is a recipe for disaster. That’s why it is so important to innovate within one native platform to ensure the full potential of defensive capabilities.
____
The interview was prepared with the assistance of COMPUTER 2000 Bulgaria, official distributor of SecureVisio and organizer of the InfoSec SEE 2024 conference.
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.