Brian Soetaert

Insider threats pose a complex challenge for most organizations.

In order to illuminate more about this game-changing solution, we talked to Kirk Cerny, Senior Director of Insider Threat at CYDERES to get the lowdown on ITDR, and a broader look at insider threats.

Intro to Insider Threat Detection & Response

CYDERES Insider Threat Detection & Response, or ITDR is a first-of-its-kind solution to help organizations combat the growing number of insider activities that are affecting organizations in adverse ways. ITDR seamlessly combines technical and human behavioral indicators within a single analytics platform, providing a unique blend of cybersecurity firepower and AI-driven behavioral analytics that enable SOC teams and their HR and legal counterparts to proactively mitigate their highest-priority threats.

Starting Your Own Insider Threat Detection Program

Don’t know where to begin with starting your own insider threat detection program? Kirk breaks down a good entry point and highlights how CYDERES can help get your insider threat detection program off the ground.

The Technical & Non-Technical Indicators of Insider Threat

Many insider threat programs focus only on technical indicators, but insider threat is not just a network problem, but a human problem. ITDR focuses on both technical and non-technical indicators to provide a more well-rounded and effective insider threat solution.

What Does a Whole-Person Approach to Insider Threat Look Like?

Kirk dives deeper into how non-technical indicators factor in to our “whole-person approach” to insider threat.

The Present State of Insider Threat

Insider threats are on the rise, and 2021 has been a year where many are either starting or bolstering their insider threat programs, as Kirk explains.

The Importance of Insider Threat Deterrence

Insider threat programs need to be much more than just responding to malicious activity. It is also important to put an emphasis on deterrence to reduce the likelihood that an adverse event will occur.

24/7 Insider Threat Mitigation

Staying on top of insider threats effectively can be a daunting task. With CYDERES, you have a team that is ready to assist 24/7.

Insider Threat Detection & Response

Ready to do address the human factor of cybersecurity? The CYDERES Insider Threat Detection & Response solution is built to provide you with a frictionless way to tackle the issue of insider threat within your organization.

To learn more about ITDR and insider threats, fill out the form below to be connected with one of our experts.

Cybersecurity Awareness Month was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 and has been a continued focus in InfoSec communities each October since. On this first full week of October, we’re turning our focus toward spreading cybersecurity awareness to help members of our community and the organizations we serve do their part to #BeCyberSmart.

Each year, Cybersecurity Awareness Month is a call to action for individuals to own their role in protecting their part of cyberspace. At Fishtech Group, our mission is to lead organizations to a more secure future, but that security isn’t achieved by some vague corporate check box, but rather an every day, ongoing commitment from each and every one of us.

We each have a role to play in making sure we follow best practices to protect our devices and data to ensure the broader security of the individuals in our organizations.

We will be putting out new content every week for all of this year’s Cybersecurity Awareness Month themes. To start off this critical month, we wanted to highlight some quick tips in a “Cybersecurity Basics: Quick Refresh Guide” that will help to inform you about some basic areas of cybersecurity and lay the groundwork for your better overall awareness and understanding on the intricacies of cybersecurity and how you can #BeCyberSmart.

—

Cybersecurity Basics: Quick Refresh Guide

Ask any cybersecurity professional what the biggest threat is to a company, and most of them will say their employees, even if the threat isn’t intentional. Basic human error is a major contributing factor to 95% of security breaches (The Hacker News). Can you remember the last time you reviewed the login information for your personal and professional accounts or checked the security of your network connection? A few small changes just might save you from an account compromise.

Ready to implement a few upgrades to protect your information and access? Here’s your handy checklist of basic security features to add to or refresh your personal and professional accounts:

1. Create strong passwords.
   • Ensure that your passwords contain upper and lowercase characters, symbols, and numbers. A random combination of these will make guessing your password and hacking into your personal accounts more difficult.
2. Use at least two-factor authentication
   • Add an extra layer of protection to your login process by implementing one extra step. Instead of only submitting your login credentials to gain access to your account, set up a second method by confirming your access on a second device. For example, have a confirmation code send to your phone or email.
3. Keep your software up to date
   • Ensure your operating system, applications and web browsers stay up to date by setting your updates to happen automatically. Many updates include security features, so it’s a good idea to stay on top of them!
4. Backup your files
   • Be sure you have your important files backed up on an external drive or in the cloud. This way, if something unfortunate happens and you lose information on your device, you have it saved in another place.
5. Be careful with public Wifi and Hotspots
   • Public wifi and hotspots are not secure internet connectors, so it’s easy to see the activity of others connected to the network. We recommend using a VPN and personal hotspot to access the internet instead.

We hope this handy checklist serves as a quick reminder of the basic, but necessary security practices. If you already have these in place, and we’re certain that most of you do, then a quick refresh won’t hurt. If you don’t, today is the perfect day to start!

Are you an organization looking to ramp up the basic security features you have in place? Our experts at Fishtech Group are standing by to help. Drop us a note below and our team will be in touch.

In the meantime, stay tuned through the rest of October as we continue empowering you to #BeCyberSmart this Cybersecurity Awareness Month. We’ll be back next week for a focus on phishing with ways you can better understand and fight back against these kinds of attacks.

Any questions? Fill out the form below to be connected with one of our experts.

Our Teams are Building a More Secure Future.

We have been incredibly excited by the launch of the CYDERES Cloud Native Analytics Platform (CNAP) 2.0 as we continue to bolster the already amazing capabilities of our strategic partner Google Cloud, and their Chronicle offering.

With Google Cloud’s recent announcements around Autonomic Security, the path to modernizing your security programs is clearer than ever. On their recent earnings call, Alphabet and Google CEO Sundar Pichai recently highlighted GC’s security offerings (incl. Chronicle) as their “strongest product portfolio” empowering their incredible growth.

CYDERES is proud to be one of Google Cloud Chronicle’s founding partners and preferred MSSP partners to deliver this solution.

With all of the excitement building around CNAP 2.0, we wanted to illuminate a bit more of the team that is working behind the scenes to develop these game-changing offerings. We recently sat down with Cassandra Varvel, CYDERES Director of Engineering, to talk about CNAP 2.0, the various parts of the Engineering organization, how we integrate with Google Cloud and Chronicle, and more.

CYDERES Engineering Team

Our CYDERES organization is built of many moving parts. Cassandra illuminates one of the pivotal pieces of the broader CYDERES organization: the Engineering Team. Learn about the various positions within the team, and what impresses Cassandra the most about this talented group.

CNAP 2.0 Benefits

CYDERES Recently launched CNAP 2.0, improving on the CYDERES Cloud Native Analytics Platform that has already provided so much value for our customers. Cassandra talks about some of the new benefits you can expect with this exciting launch.

How Does CNAP Utilize BigQuery?

CYDERES has been in close partnership with Google Cloud, and their Chronicle platform, to help bolster their already incredible threat hunting capabilities, and to provide one of the best answers to the issues of legacy SIEM. Learn more about how CNAP utilizes Google BigQuery and what we bring to the table to help make detecting threats easier than ever.

How is CYDERES Different From a Traditional MSSP

We pride ourselves in being different from traditional MSSP offerings. Cassandra talks about some of the reasons as to why we are a better alternative for those looking to move away from legacy managed security offerings.

The Power of TEAM

It’s important to build great teams that can trust each other and work well in collaborative environments, and we think our Engineering Team is one of the best in the business. Cassandra talks about some of the best aspects of the teams we have been building at Fishtech and CYDERES.

Work on Critical Client Solutions at CYDERES

It can be a daunting task to work in a cybersecurity company, but these challenges can be very rewarding as well. Cassandra talks about the excitement she feels when working on critical client solutions.

Join Our Growing CYDERES Team

Interested in joining our CYDERES team? Hear about some of the positions we’re looking to fill, and be sure to check out our Careers page apply for one of our amazing opportunities!

If you are ready to discuss CNAP, CYDERES Engineering, or any of our other offerings, fill out the form below to be connected with one of our experts.

Escalating risk + legacy programs – security talent = the nightmare many organizations are currently experiencing.

There is a path forward. As organizations continue to move towards automating and operationalizing their security programs, managed security outcomes are enabling businesses to return focus to growth and customer satisfaction. Traditional hindrances of MSSP’s are in the past when you can leverage the speed to value, cost-efficiency, and full visibility that comes with CYDERES 24/7 security-as-a-service.

With our strategic partner Google Cloud’s recent announcements around Autonomic Security, the path to modernizing your security programs is clearer than ever. On their recent earnings call, Alphabet and Google CEO Sundar Pichai recently highlighted GC’s security offerings (incl. Chronicle) as their “strongest product portfolio” empowering their incredible growth.

CYDERES is proud to be one of Google Cloud Chronicle’s founding partners and preferred MSSP partners to deliver this solution.

How exactly is CYDERES and our proprietary Cloud Native Analytics Platform (CNAP) able to build on Google Chronicle’s success to accelerate SOC and SIEM transformation?

Learn more from CYDERES VP Will Aune as he unpacks key features and use-cases that are winning for our clients.

What is CNAP?

The CYDERES Cloud Native Analytics Platform, or CNAP, is the perfect compliment to security teams that are prepared to monitor and respond to their own alerts. Will gives a quick into CNAP and highlights what CNAP can bring to the table.

What are the Benefits of CNAP?

People, process, and technology. Get a quick look at how each of these play into how we deliver value to your organization through our Cloud Native Analytics Platform.

What’s the Difference Between CNAP, GSOC, and EMDR?

CNAP, GSOC, and EMDR are three different tiers of our broader detection and response offerings. Each offering corresponds with differing levels of how involved our team is in the response to detected threats. Listen in as Will breaks each one down.

The Challenges of Traditional SIEM

Traditional SIEM offerings come with a lot of baggage, and there are many challenges associated with these legacy solutions. Will talks about a few of the challenges of traditional SIEM, and how our solutions help address these obstacles.

Our Advantages Over Traditional SIEM

Will dives deeper into a few of our advantages over traditional SIEM offerings, and how our partnership with Google Cloud Chronicle enables our customers to easily overcome past struggles to adequately protect their business in the cloud era.

What is CSOC?

One of our fast-growing add-on services is our Cloud Security offering, or our Cloud SOC. Will gets into this offering and how it can bolster your overall security by supplementing your program with a dedicated team focusing on the cloud.

Benefits of a SIRT Retainer

Our Security Incident Response Team is not only world class in their professional capabilities, but also provides additional value with our Use It Don’t Lose It policy. If our SIRT services are not utilized during the term of the retainer, we will reach out to see how the funds could best be utilized with our other service offerings across the Fishtech Group organization.

If you are ready to discuss CNAP, Cloud Security, SIRT, or any of our other offerings, fill out the form below to be connected with one of our experts.

Last week Google Cloud held their first-ever Security Summit featuring fresh insights from industry leaders and interactive sessions with an aim of helping you solve your most critical security challenges.

As a signature sponsor, we were asked to put together a presentation on combating modern security threats with modern security operations. We brought in two of our CYDERES experts, CYDERES Chief Technology Officer Tim MalcomVetter and CYDERES Chief Operating Mike Wyatt, to talk about how CYDERES is helping organizations better prepare for the cyber challenges of the modern era through our talented people, robust and detailed processes, and advanced technologies.

Learn more in our deep dive on how “Modern Threats Require Modern Security Operations“.

If you are interested in learning more about CYDERES check out some of the following:

Relentless cyber-attacks and an expanding digital threat landscape caused by a surge in at-home workers during the coronavirus pandemic have left corporate cybersecurity teams overwhelmed and exhausted.

Making matters worse, a parallel increase in insider threat incidents has forced these teams to reckon not just with external risks but also with the growing possibility that trusted individuals from within the organization will cause financial, operational and reputational harm.

CYDERES, the pioneering security-as-a-service division of Fishtech Group, has developed a new service to address these complex and hard-to-detect threats, even while continuing to detect and respond to advanced external cyber threats.

Developed in partnership with Haystax, also a Fishtech business unit, this new Insider Threat Detection & Response (ITDR) managed service analyzes a customer’s existing user and network telemetry to pinpoint and prioritize its riskiest insiders.

An IBM study released in May notes that 40% of the insider attacks it studied between 2018 and 2020 “were detected through alerts generated via an internal monitoring tool.” In almost 10% of cases an outage was the first sign of an insider event, while human reporting was instrumental in 20% of cases. (The remaining 30% were not reported to the study’s researchers.) The study also noted that 40% of incidents involved an employee with privileged access to company assets. In all cases where the insider had administrative access, this elevated access “played a role in the incident itself.”

But what if those different sources could be stitched together and analyzed collectively? The power of ITDR is that it casts a wider net than conventional managed services for data that indicates insider risk. It augments network and device telemetry with a variety of other sources that reveal behavioral anomalies. And ITDR is optimized to focus on the most prevalent insider threat cases, such as data exfiltration, account compromise and risk from individuals who plan to depart the organization or learn they are to be involuntarily terminated (image below).

The analytic result is a composite picture of insider risk, regardless of whether the intent is malicious or the result of unwitting behavior or negligence. This is a crucial analytical capability since accidental breaches and negligence are growing elements in the insider threat landscape – due perhaps to increased stress or carelessness brought on by the pandemic and its consequences.

A recent Harvard Business Review piece noted, for example, that “employees are now 85% more likely to leak or lose files with intellectual property (IP) and other valuable data than they were before the pandemic began.” In a separate survey, 20% of respondents reported security breaches caused by remote workers – a large increase from pre-pandemic levels.

CYDERES is widely known for its human-led and machine-driven security-as-a-service operation, which supplies the people, processes and technology companies need to manage cybersecurity risks, detect threats and respond to incidents in real-time. These 24/7 services act as a ‘force multiplier’ to augment corporate cybersecurity ops teams, helping them shift from reactive monitoring to proactive threat hunting.

Haystax is an award-winning innovator in the application of AI-based risk management analytics to support any type of security mission – from critical infrastructure protection to natural disaster preparedness to insider threat mitigation. Haystax has even provided security alerting and real-time threat analysis to nine of the last 13 Super Bowls, as well as many other major national-security events.

By applying machine learning, probabilistic modeling and other AI techniques to IT telemetry and other data sources, the ITDR service developed by the CYDERES-Haystax team is able to filter out noise and false positives and deliver actionable intelligence to our clients in the form of prioritized and triaged alerts – plus response recommendations and even enhanced training and awareness services.

This seamless blend of cybersecurity firepower and AI-driven behavioral analytics within a single platform, delivered as a managed service, is the best way for organizations to proactively mitigate their riskiest insiders.

Simply put, ITDR focuses on the threats so the corporate team can focus on doing what it does best.

#   #   #

Note: The CYDERES Insider Threat Detection & Response managed service, powered by Haystax, will be launched on July 1. Join us on July 8 for a live interactive webinar that will include an in-depth ITDR briefing and live demonstration of its capabilities. Register here.

Identity and Access Management, or IAM, is the foundation of modern security and is an important part of a mature cybersecurity program. Many important conversations surrounding IAM started last year with the onset of the pandemic, and many foundational pieces of IAM have been put into place for organizations that may have never given cybersecurity a second thought.

We again sat down with Chris Vermilya following our previous interview that covered topics illuminating the basic principles of Identity and Access Management, like the Four Pillars of IAM. This time around, we dove into other areas, like how IAM plays into a Zero Trust Framework, re-thinking how IAM services are managed, the impact of artificial intelligence/machine learning, and more. Check out all of the clips from our interview below.

What is IAM?

At its core, Identity and Access Management (IAM) is the governance of identities and what access they have. Let’s start by reviewing Fishtech’s unique approach to IAM and the four pillars that make up a solid IAM program.

Is IAM the Foundation of Modern Security?

Traditional perimeters are obsolete, but how should organizations view their overall IAM security model? Hear Chris Vermilya explain why the “castle and moat” model is dead and exactly how and why a zero-trust approach shows us the way.

Getting Started with IAM

Organizations often feel overwhelmed knowing exactly how to start their program or next steps to maturity, but our trusted advisors will help you understand what approach you should take based on your business objectives and risk landscape. Chris describes many common approaches below.

How Does IAM Play Into a Zero Trust Framework

Let’s dive deeper into what Zero Trust really means, and more importantly how it works inside an organization’s environment – both from an internal as well as an external identity perspective.

Should IAM Be Managed as a Service?

The hypergrowth of the security product landscape has pushed the necessity of as-a-service models which enable organizations to implement, validate, and even automate their tech stack while making the absolute most of every dollar spent. What are best practices around identity solutions from a security-as-a-service perspective?

How Does Artificial Intelligence and Machine Learning Impact IAM?

By now most people have realized that AI and Machine Learning are often buzzwords used to hype a product or solution. At the end of the day, what practical value do these solutions drive to an organization? Often only as much as the data that’s available and the processes around how that data informs critical decision-making. Learn more from Chris on how future-focused organizations are actually leveraging AI and Machine Learning in very practical ways.

Cross-Functional Cybersecurity Solutions

IAM doesn’t exist in a vacuum but impacts so many different areas of the modern business and is a critical foundation for so many other areas of a mature cybersecurity program. Whether dealing with cloud security, governance and compliance, detection and response, or even the basics of log management, you’ll find identity as a core component and data stream. Chris explains some of the exciting ways these joint solutions are impacting our clients to streamline and automate their programs.

Join the IAM Team

We are passionate about leading organizations to a more secure future, realizing that we are aiding organizations by protecting far more than just data alone, but the systems behind that data and most of all, the people those systems impact. Whether it’s in healthcare, finance, energy, retail, or any other sector, robust cybersecurity programs matter to protect real people’s lives and livelihoods. If you share our passion, check out our careers page for our latest open positions and apply today!

“In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cybercriminals.”

Wow. Quite the declaration. This was pulled from a recent article on Dark Reading. Cyber insurance stories like this have been continuing to pop up over the last couple of months highlighting an increasing trend.

Why?

Huge cybercrime stories have been hitting the mainstream every few days. Companies in wide-ranging industries have been hit with progressively more severe cyberattacks, and it’s shaking up the public and corporate landscape in a big way.

It’s hard to definitively say that this is all “unprecedented”. Most anything cyber-related is unprecedented. Though internet-connected devices have integrated themselves into our daily lives at an ever-increasing scale, we have to remember the cyber space is still in its infancy.

Industries that have been slow to work through digital transformation regarding cloud adoption, identity and access management, and mapping to compliance frameworks, for example, are easy targets for increasingly sophisticated attackers.

As insurance companies navigate this whole new digital world, they are beginning to see the severity and maturation of cybercrime, and the severity of cost impact on their own bottom lines. With ransomware payouts continuing to rise, it’s easy to see why re-evaluations on cybercrime coverage are taking place.

The looming potential of a lack of coverage for cybercrime carries a lot of implications for businesses trying to plan for the long term. A lack of stability and a potential for the rug to be pulled on your current plan to help combat the effects of cybercrime can be huge hindrances for growth.

Maybe it’s time to re-evaluate your “insurance” against cybercrime. Let’s dive deeper.

Why Cybersecurity is Better “Insurance” for Your Business

Insurance itself is very reactionary. An event occurs, you file a claim, you are covered. Everything takes place after the inciting incident. This increases the total costs of time and money to an indefinite degree as you look to remediate a cyberattack.

At Fishtech Group, we take a proactive approach cybersecurity to ensure our customers are equipped to detect and respond to cyberattacks with our tailor-made solutions for organizations of all sizes.

With the offerings from our Security-as-a-Service division CYDERES, you can find solutions that are right for your organization, no matter how mature your security posture. Whether you’re looking to find vulnerabilities in your organization to patch up, or if you are looking for a full 24/7 managed security team to seamlessly work with your internal teams, CYDERES can help you adopt a proactive approach to better insure your business against severe costs from cyberattacks.

Our CYDERES solutions include:

• CYDERES Cloud Native Analytics Platform
• Global Security Operations Center
• Enterprise Managed Detection and Response
• Security Incident Response Team
• CYDERES Cloud Security
• Red Team as a Service

These solutions seamlessly work together to protect your organization from the costs associated with significant breaches. What headlines often miss when they report on the ramifications of an attack are the intangible costs associated with recovering from the disruption. We’re looking at costs to time, costs to reputation, costs to morale. These are things traditional insurance can’t protect you from.

When you work with the solutions found at Fishtech Group and CYDERES to equip your organizations to combat cybercrime, you are helping give your business stability in the long-term to continue to grow and avoid the intangible costs of relying on traditional insurance.

Check out the rest of our site to learn more about our wide variety of cybersecurity solutions ready-made to help lead your organization to a more secure future.

If you’re ready to learn more, fill out the form to be connected with one of our experts.

Hi, Jason. Thanks for taking the time to talk with us today. Tell us about what you do at Fishtech Group.
 
Hi, I’m Jason Sloderbeck, Vice President of Business Development for CYDERES.

We’re continuing our highlight of our various CYDERES offerings, and today we wanted to give a spotlight on our CYDERES Cloud Security service offering. Could you give us a brief overview of CYDERES Cloud Security?
 
CYDERES Cloud Security provides complete protection for an organization’s infrastructure, applications, and data running in the cloud. Whether an organization uses AWS, GCP, or Azure – or a combination of those – CYDERES Cloud Security provides provide end-to-end security for cloud applications and servers in those environments. That includes everything from 24×7 monitoring and Incident Response, to visibility and compliance reporting. The outcome is that you’ve got a partner to detect and respond to any threat in your cloud environment.

Why would an organization be interested in CYDERES Cloud Security?

The big driver for interest in CYDERES Cloud Security is that securing the Cloud is fundamentally different than the traditional security model. The concept that network configurations and security controls are now Code maintained by a DevOps team – instead of firewalls that are owned by InfoSec is a shift in thinking and it’s challenging for many organizations to get their arms around this. Security professionals are struggling to keep up with the rapidly-changing landscape of Cloud. New services are launched every week by Cloud providers. We’ve found that you really have to be a Developer to make heads or tails out of most the security alerts that come out of your Cloud environment, let alone knowing what to do with those alerts.

How does CYDERES Cloud Security complement the flagship Enterprise Managed Detection and Response offering from CYDERES?

CYDERES Cloud Security is the perfect complement to our Enterprise Managed Detection and Response offering. While EMDR protects data centers and offices and remote employees, Cloud Security extends that to include their cloud infrastructure and applications. So now an organization has a single SOC for everything, all in one place. Our Cloud Security Engineers who work hand in hand with our SOC and we function as an extension of your team, interfacing with DevOps and Security teams to provide comprehensive security for the entire environment.

What are the various capabilities a customer can expect with CYDERES Cloud Security?

There are three key capabilities a customer can expect with CYDERES Cloud Security. First, we’re going to implement and manage a Cloud Management Platform, which provides cloud governance, container security tooling, as well as integration with CI/CD pipelines. Second, we’re going to provide Q&A support for your Security and DevOps teams about best practices, cloud security methodologies, and anything other issues that come up related to cloud security, to help upskill everyone on an ongoing basis. And finally, we provide 24×7 SOC that performs triage, investigation, and response for all of the cloud alerts. So, if a DevOps team pushes out a change that accidentally exposes data to the public during a maintenance window at 3am on a Sunday morning, we’re going to prevent that from happening by automatically rolling it back but also engage live with your teams to work through the issue. And we back that with unlimited Incident Response for our clients’ cloud environments.

Thanks for taking the time to speak with us today.