Media 7: There is a lot of excitement around how machine learning can change the cybersecurity landscape. What are your thoughts on it?
Sam Rehman: First and foremost, we need to understand machine learning and big data in general, and how attackers are using artificial intelligence (AI) —whether we like it or not— with their scanners and different approaches to targeting people and systems. They use AI in a number of ways, including to reduce failure and to accelerate and increase their yield. And there’s a lot of innovation around this. There's a big marketplace that's actually building out a lot of these tool sets for them. So that's one aspect of it. On the defensive side—on the “good guys” side—AI is critical in a number of areas. We’re facing an attack surface now that is on a whole different scale. We’re looking at people accessing numerous devices and using different kinds of access points. You look at the people connecting to different applications. There are tons and tons of APIs, but there’s really no effective firewall anymore. The new perimeter is much more fluid. And for that aspect of it, it's not possible for us to just use our own sets of policy without getting out from under big data—from analytics and AI. So how do we use AI? Well, in the same way that the attackers are: to speed things up.
Everything about security always comes back to speed, surprise and aggression; even from the attacker’s perspective. AI can begin to defend from all aspects. For example, if there's an attacker getting in, AI could help us potentially narrow it down to figure out much faster where the anomalies are. Second, it could actually help us on some predictive work as well, which is to see where the focus areas are. It can scan through the data and understand where our real exposures are, so that we can actually focus our technical controls in those areas as opposed to putting in a backdoor that, it turns out, none of the attackers would ever use. We eliminate and lessen wasted resources, which is why, from my perspective, AI is a must. The question is, how do you use it? I think there are lots of areas that could be useful, but the most important aspect of it is to amplify your response team, or your tactical teams. Help them reduce their manual labor, automate and predict as much as possible, while reducing the feeling of false.
M7: Remote workstations have exposed organizations to various cybersecurity challenges. What are some of the best ways enterprises can mitigate risks and secure endpoints?
SR: First, it is imperative to protect endpoints (laptops, desktops, phones, etc.). This is about making it as difficult as possible for the attacker to get through. So the standard set of controls begins with verification. Follow the Zero Trust principle, which I fully subscribe to, beginning with least privilege. Make sure that you break things down into units, as finite and as small as possible, for constant verification. Secondly, have the basic hygiene, making sure that you have device management and compliance in place, as well as a data loss prevention agent audit so that people can transfer log files in and out.
Last but not least, make sure that you're proactively monitoring. Again, it's no longer a game of building up a wall and then walking away; it's about building a wall to make it more difficult. But watch that wall like a hawk. Make sure that you have sensors, with agents to proactively scan for anything that's not normal. Then, consider that while VPN is useful, it has been completely misused in my opinion. I think we're overusing VPN in a lot of areas. Especially these days, we should look at how we use VPN all over again, and really define it as an aspect of what you can do, but not the norm of what every employee should do. We should look at a much finer-grained type of connectivity.
M7: What are some of the biggest threats that are plaguing the cybersecurity space at present?
SR: Identity is still the number one entry point. Enterprises are caught in a situation where they've been building out very loosely designed identities and access control in the last 10 to 15 years. It's a huge attack vector for the bad guys, who sell them in the marketplace. It's not like 30 years ago, when bad guys would actually have to understand how to steal an identity, penetrate the system, and do lateral attacks that steal data; now it's a whole marketplace.
Cloud Configuration has a huge role. Everybody has moved to the cloud—the great cloud transformation. It’s a wonderful thing that provides tremendous benefits. However, clouds are extremely dynamic. And from a defender's perspective, whether it's the physical world or cyber, it's exactly the same. Take your house, for example: a potential attacker can do a house survey and understand exactly how many windows and locks you have, creating a plan of action. Cyber is now completely dynamic, shapeshifting and molding, and because of that, it becomes difficult to defend. People misconfigure their cloud configuration, or more likely they configure it properly, but as they start to scale out and they start to stretch the cloud, they add new nodes, they lose that compliance, they forget about actually applying the same policy or the same rate to some of those nodes. So, cloud configuration is the second aspect of security that makes it a really hard problem to solve.
Separating Cloud Data is so difficult because there’s just so much of it. How we disseminate all the data and access, it makes it very difficult to protect the data set. If I were to tell you that, from today onwards, we’re going to wipe out everything that has your name on it—that belongs to you—how would I even do that? It's almost impossible to do it because we have so much data that's out there, and guess what the attackers are using? They're using AI and long digital trails.
AI and Long Digital Trails: we now have so much information connected to us, just like a trail of breadcrumbs. People post way too much on Facebook. They post way too much on Twitter. I know when somebody's going on vacation if they’re posting about it. This makes it very easy for an attacker to actually narrow down, get information and target individuals.
We have tons of Applications and APIs out there, and the bad guys are attacking them. If you think about how complex applications are, it makes it very difficult for somebody to actually tell whether it's actually a legitimate API call, or an attack. The more complex we make the application, the harder it is to find out if something is bad or good.
Supply Chain: when we get too comfortable trusting our suppliers, we become vulnerable. Who’s supplying the laptops, phones, vehicles—everything within an organization? If they attack and persist, you know malware has been built into that product line and delivered to you. That's why supply chain is such a complex problem when it comes to cybersecurity.
Cyber Security as a Service: attackers are now creating a marketplace, and they figure out how to monetize from those marketplaces. It’s a marketplace of collaboration among the nefarious actors, and it’s making it extremely difficult to defend against.
M7: Could you please tell us a little bit about EPAM Systems’ Cybersecurity by Design service?
SR: We are experts in building software, and we're all engineers. Our DNA comes from engineering. And we believe that by stitching security inside software, built in every facet of software engineering, in every aspect of running your transformation programs, you make security robust—not as a checklist or afterthought, but a forethought. We're in a very good position to build out security in software and help our clients both increase the strength and security in their existing system and move forward with confidence.
M7: What advice do you have for professionals stepping into the security industry?
SR: First, for people thinking about going into cybersecurity, I tell them, do it! It’s hard work, though. Harder than most imagine, because it’s extremely broad. Be prepared to constantly learn. You are never done. So take certification courses that will allow you to learn the critical language and processes. The reason for this is that we do speak in a certain way, with certain acronyms, because it’s just faster than saying all the long-winded terms we use often. Once you've done that, then start to work on some practical aspects of the area that interests you the most, whether it’s cloud, data, business analytics and so on. Think about compliance. That would be a great area to look at. But take a generic class first. We need as many people as we can get in the cybersecurity space right now. So do it if you're interested.