Explore. Experience. Share. - Cybersecurity Careers Awareness Week

All throughout the month of October, we have been participating in Cybersecurity Awareness Month to help guide organizations and individuals on how to #BeCyberSmart. For week three, we have shifted our focus to Cybersecurity Career Awareness to highlight the individuals that are eyes-on-glass every day as experienced InfoSec professionals, and to also put a spotlight on ways aspiring professionals can get into the field and thrive.

Even as cybersecurity concerns have increasingly dominated international news, the talent shortage in the cyber industry has only grown over the past year.

Studies show that there aren’t enough skilled tech force workers to fill the jobs available now, much less to meet the increasing demand of the years to come. In fact, (ISC)2 estimates the cyber workforce needs to increase by 62% to meet demand as businesses invest in technology and cyber threats become more sophisticated. The Bureau of Labor Statistics reports that the industry will experience job growth of 31% between 2019 and 2029.

At Fishtech Group, we have prided ourselves on our focus on cybersecurity career development, from providing challenging hands-on opportunities for seasoned cyber career men and women, all the way to hosting mentorship events for area schools to help the next generation find their footing in this growing industry.

Below you will find a mix of resources all surrounding our ongoing commitment to advancing cyber careers. Browse through and be sure to reach out if you have any questions.

#AskFishtech Panel Discusses Cybersecurity Careers

We are gradually building our way to the next installment of our #AskFishtech webcast series at the end of the month, and we’re excited to tackle more great questions after the robust and interesting conversations that were sparked last time around. In fact, here’s a clip from last year’s #AskFishtech webcast with a couple members of our executive team chiming in on cybersecurity careers.

Hear from our own Chuck Crawford, Chief Customer Officer, and Kerry Kilker, Chief Operating Officer, as they talk about their experiences in the field, and discuss ways individuals can get started in cybersecurity.

Fishtech’s Commitment to Engaging Young Learners

Fishtech Group is committed to getting young people interested in cybersecurity. Raising awareness and interest is good for both our company’s mission and the industry overall. We’ve been at it so long that we’ve even hired one of our visiting students after he graduated recently!

And our efforts are being noticed. We were thrilled last month to receive a Corporate Hero Award from the Kansas City Central Exchange for our ongoing efforts to bridge the gender gap in cybersecurity.

Inspiring Tours of Fishtech Campus

After a quiet 18 months, we are happy to once again host students and teachers through our headquarters and Cyber Defense Center. We hold Q&A panels featuring our analysts and developers for the school groups. During Covid, we truly missed the interaction and opportunity to inspire — and be inspired by — these visits.

Each tour includes brief interviews with Fishtech Group employees, all from different parts of our organization. Employees each describe the work they do day-to-day, how their career path led them to Fishtech, and what training and education helped them be successful today. Often they will tell our student visitors that certifications and specialized training are great, but what truly makes a candidate stand out are so-called soft skills that our industry values, such as:

  • Passion and how to apply it to real-world problems
  • Curiosity and how to pursue lifelong learning
  • Creativity and collaboration
  • Ability to troubleshoot

Our recent community engagement includes a diversity of initiatives such as:

  • Hosted 70 adults and teens interested in a cybersecurity career with a Community Expert Panel
  • Toured 20 high school students who aren’t necessarily interested in cybersecurity but are on alternative learning paths
  • Counseled seven college students about next steps in their collegiate and cybersecurity career
  • Explored cybersecurity career choices with a group of math teachers seeking knowledge to mentor their students
  • Helped choose recipients for First Robotics grants to area schools
  • Kicked off KC STEM Alliance’s Remake Learning Days with an eye toward cybersecurity

We’re Hiring!

There are so many different roles that make up the broader cybersecurity industry, and chances are… We’re hiring for most of them. So, what are those roles exactly? We have been asking many members of our leadership team to highlight roles they are looking for so we can get to work recruiting the best of the biz.

Whether you’re actively looking for a new job opportunity, or you are new to the industry and want to learn about what some of the roles in cybersecurity actually are, check out a couple of the below videos to get insight into how these positions fit into our organization.

For more information on our career initiatives, fill out the form below to be connected with a member of our team.

Talking Insider Threat Detection & Response with Kirk Cerny, Senior Director of Insider Threat - CYDERES

Insider threats pose a complex challenge for most organizations.

Information security and IT departments are constrained by conventional network detection systems that don’t account for the distinctly human motivations behind such threats. Meanwhile, HR, legal and physical security teams lack the means to derive useful intelligence from cyber indicators. The result is that risky insiders often go undetected until after an adverse event occurs. That’s why we created our CYDERES Insider Threat Detection & Response solution, or ITDR, to address these common challenges.

In order to illuminate more about this game-changing solution, we talked to Kirk Cerny, Senior Director of Insider Threat at CYDERES to get the lowdown on ITDR, and a broader look at insider threats.

Intro to Insider Threat Detection & Response

CYDERES Insider Threat Detection & Response, or ITDR is a first-of-its-kind solution to help organizations combat the growing number of insider activities that are affecting organizations in adverse ways. ITDR seamlessly combines technical and human behavioral indicators within a single analytics platform, providing a unique blend of cybersecurity firepower and AI-driven behavioral analytics that enable SOC teams and their HR and legal counterparts to proactively mitigate their highest-priority threats.

Starting Your Own Insider Threat Detection Program

Don’t know where to begin with starting your own insider threat detection program? Kirk breaks down a good entry point and highlights how CYDERES can help get your insider threat detection program off the ground.

The Technical & Non-Technical Indicators of Insider Threat

Many insider threat programs focus only on technical indicators, but insider threat is not just a network problem, but a human problem. ITDR focuses on both technical and non-technical indicators to provide a more well-rounded and effective insider threat solution.

What Does a Whole-Person Approach to Insider Threat Look Like?

Kirk dives deeper into how non-technical indicators factor in to our “whole-person approach” to insider threat.

The Present State of Insider Threat

Insider threats are on the rise, and 2021 has been a year where many are either starting or bolstering their insider threat programs, as Kirk explains.

The Importance of Insider Threat Deterrence

Insider threat programs need to be much more than just responding to malicious activity. It is also important to put an emphasis on deterrence to reduce the likelihood that an adverse event will occur.

24/7 Insider Threat Mitigation

Staying on top of insider threats effectively can be a daunting task. With CYDERES, you have a team that is ready to assist 24/7.

Insider Threat Detection & Response

Ready to do address the human factor of cybersecurity? The CYDERES Insider Threat Detection & Response solution is built to provide you with a frictionless way to tackle the issue of insider threat within your organization.

To learn more about ITDR and insider threats, fill out the form below to be connected with one of our experts.

Cybersecurity Awareness Month 2021 – Quick Refresh Guide

Cybersecurity Awareness Month was launched by the National Cyber Security Alliance & the U.S. Department of Homeland Security in October 2004 and has been a continued focus in InfoSec communities each October since. On this first full week of October, we’re turning our focus toward spreading cybersecurity awareness to help members of our community and the organizations we serve do their part to #BeCyberSmart.

Each year, Cybersecurity Awareness Month is a call to action for individuals to own their role in protecting their part of cyberspace. At Fishtech Group, our mission is to lead organizations to a more secure future, but that security isn’t achieved by some vague corporate check box, but rather an every day, ongoing commitment from each and every one of us.

We each have a role to play in making sure we follow best practices to protect our devices and data to ensure the broader security of the individuals in our organizations.

We will be putting out new content every week for all of this year’s Cybersecurity Awareness Month themes. To start off this critical month, we wanted to highlight some quick tips in a “Cybersecurity Basics: Quick Refresh Guide” that will help to inform you about some basic areas of cybersecurity and lay the groundwork for your better overall awareness and understanding on the intricacies of cybersecurity and how you can #BeCyberSmart.

Cybersecurity Basics: Quick Refresh Guide

Ask any cybersecurity professional what the biggest threat is to a company, and most of them will say their employees, even if the threat isn’t intentional. Basic human error is a major contributing factor to 95% of security breaches (The Hacker News). Can you remember the last time you reviewed the login information for your personal and professional accounts or checked the security of your network connection? A few small changes just might save you from an account compromise.

Ready to implement a few upgrades to protect your information and access? Here’s your handy checklist of basic security features to add to or refresh your personal and professional accounts:

  1. Create strong passwords.
    • Ensure that your passwords contain upper and lowercase characters, symbols, and numbers. A random combination of these will make guessing your password and hacking into your personal accounts more difficult.
  2. Use at least two-factor authentication
    • Add an extra layer of protection to your login process by implementing one extra step. Instead of only submitting your login credentials to gain access to your account, set up a second method by confirming your access on a second device. For example, have a confirmation code send to your phone or email.
  3. Keep your software up to date
    • Ensure your operating system, applications and web browsers stay up to date by setting your updates to happen automatically. Many updates include security features, so it’s a good idea to stay on top of them!
  4. Backup your files
    • Be sure you have your important files backed up on an external drive or in the cloud. This way, if something unfortunate happens and you lose information on your device, you have it saved in another place.
  5. Be careful with public Wifi and Hotspots
    • Public wifi and hotspots are not secure internet connectors, so it’s easy to see the activity of others connected to the network. We recommend using a VPN and personal hotspot to access the internet instead.

We hope this handy checklist serves as a quick reminder of the basic, but necessary security practices. If you already have these in place, and we’re certain that most of you do, then a quick refresh won’t hurt. If you don’t, today is the perfect day to start!

Are you an organization looking to ramp up the basic security features you have in place? Our experts at Fishtech Group are standing by to help. Drop us a note below and our team will be in touch.

In the meantime, stay tuned through the rest of October as we continue empowering you to #BeCyberSmart this Cybersecurity Awareness Month. We’ll be back next week for a focus on phishing with ways you can better understand and fight back against these kinds of attacks.

Any questions? Fill out the form below to be connected with one of our experts.

CYDERES Insider Threat Profiles: The IP Thief

What motivates an individual to steal intellectual property from an organization? What types of employees are most likely to commit IP theft? How do they pull it off? And, most importantly, can they be detected and stopped by the security team before something bad happens?

CYDERES, the security-as-a-service division of Fishtech Group, thinks the answer to the last question is yes. But to succeed, the security team must first have a detailed understanding of the Who-What-When-Why-How of IP theft.

An excellent resource for understanding insider threats in all their various forms was published nearly decade ago, when researchers at Carnegie Mellon University’s Computer Emergency Response Team (CERT) Coordination Center published The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud).

The CERT authors delved deeply into the actions, attitudes and intentions of different kinds of insiders and came up with useful insights that have admirably stood the test of time. Along with the contributions of other experts in the field, these insights have influenced the design of our insider threat mitigation solutions and services.

Below is a summary of CERT’s profile of an IP thief.

  • Who: Insiders who steal IP are usually current employees who are scientists, engineers, software programmers and sales personnel. The widespread perception that system administrators are among the biggest culprits, CERT found, is not supported by the research results.
  • What: These individuals steal information they worked on directly, such as proprietary software and source code; business plans, proposals and strategic plans; customer information; and product information such as designs, formular and schematics.
  • When: CERT found that most insiders stole at least some information within 30 days of resignation. That time frame actually encompasses a 60-day window: 30 days before leaving and 30 days after having left.
  • Why: The reasons behind stealing IP can vary widely. One-third of IP thieves are looking to start their own business. Another 40% are starting a new job at a competing business. Most of the remainder represent instances of foreign governments or organizations compromising or enticing insiders to gain access to technologically- or commercially-valuable IP. Interestingly, according to CERT, very few insiders steal intellectual property in order to sell it. Rather, they seek business advantage.
  • How: Exfiltration of intellectual property follows one of several tried-and-true pathways, including email, USB drives and removal of physical documents.

For companies worried they may have an IP theft problem but hesitant to launch their own insider threat program, CYDERES provides a range of capabilities through our first of its kind Insider Threat Detection & Response (ITDR) managed service.

ITDR analyzes an organization’s existing trove of user and network telemetry to find clues that an employee is behaving in a potentially adverse manner. It then uses operationally proven AI-based modeling techniques to filter out the excess noise from the data to identify the riskiest players, including IP thieves.

Buried in that telemetry is a wealth of intelligence on the insider’s circumstances and actions, which are an ideal proxy for gauging intent. The probabilistic model underlying our ITDR analytics turns each data point into a model concept and then builds a Bayesian inference network (image below) that captures the relationships between each concept as well as the relative strengths (low/medium/high) and polarities (true/false) between them.

In simple terms, ITDR applies diverse data sources to the model. The data contains indicators of impactful personal or professional events plus a record of day-to-day actions – such as accessing the web or sending an email – and uses the results to assess and prioritize risk from an individual.

There are separate model indicators for behavioral characteristics, network and device activity and more. For the risk modeling component addressing use cases for ‘IP Theft,’ the strong indications relate to financial stress or impending threats to continued employment.

Medium-strength indicators can range from unwillingness to comply with established rules and procedures to anti-malware alerts. Low-strength indicators include an active social media presence or database content changes.

Our CYDERES Cloud Native Analytics Platform (CNAP) ingests the model results and a CYDERES analyst validates and triages them, delivering the results to organizations in the form of detailed incident alerts and the related evidence needed to launch an investigation, comply with legal and audit requirements associated with such activity and enhance future risk mitigation via policy and control changes.

Because it is a managed service, ITDR can be implemented far more quickly than conventional insider threat mitigation solutions, meaning organizations can start mitigating risk via their employees and contractors much sooner.

The Commission on the Theft of American Intellectual Property estimates that annual costs from the loss of IP range from $225 billion to $600 billion. And the 2021 edition of Verizon’s widely respected Data Breach Investigations Report (DBIR) says that around 22% of such incidents are attributable to an assist from or the unilateral act of a trusted insider.

Industry sectors most often targeted, according to a separate CERT blog post, are information technology (35 percent of cases), banking and finance (13 percent) and chemicals (12 percent). But few sectors have escaped the attention of IP thieves.

Given those stakes, mitigating even one act of IP theft could pay huge dividends to an organization, not just financially but also legally, operationally and reputationally.


#   #   #


Note: Future posts in this series will examine other types of insider threat actors, such as The Fraudster and The Saboteur. To learn more about how ITDR can help your organization rapidly deploy an insider threat capability, download our fact sheet here.

2021 Insider Threat Lessons Learned

National Insider Threat Awareness Month, which wraps up today, has given the cybersecurity community an opportunity to reflect on how the threat landscape has evolved in the past 12 months – and what lessons about detection, deterrence and mitigation can be learned from those changes.

As we did a year ago, let’s examine three of the key lessons.

Lesson #1: Threats Are Quickly Evolving

Disregarding the nearly 50 percent of insider events that can be ascribed to negligent and careless insiders, there are still plenty of malicious actors out there preparing the next insider attack. And they’ve been coming up with novel ways to succeed. Why bother hacking your way into an organization when, for example, you can simply bribe an insider to do it for you? That’s what recent reports say ransomware gangs have been attempting, offering a generous share of ransom payments to the insider who ‘unlocks the back door.’ Most organizations are not yet equipped to detect this and other emerging cyber-attack vectors.

Lesson #2: Vulnerabilities Have Increased

After Covid-19 arrived in early 2020, remote work took firm hold – especially among knowledge workers across a wide swath of industry sectors. With it came a dizzying array of new cybersecurity attack vectors. Along with the more plentiful ‘conventional’ external threat actors, insiders now have better odds of breaching network defenses and stealing intellectual property and sensitive data from the privacy of their own homes. Meanwhile, security teams are scrambling to secure new devices and monitor workers outside the traditional perimeter. Their latest unenviable risk management challenge: the double whammy of a rapidly evolving threat (see Lesson #1) and drastically increased vulnerabilities.

Lesson #3: Don’t Wait to Launch Your Program

Launching an insider threat mitigation program can be a long and complex affair. Detection systems must be selected and deployed, data sources must be connected and staff and management need training in governance and operations. The required commitment in dollars and labor hours before concrete results are obtained can discourage all but the most committed leaders from green-lighting such a program. That said, incidents involving insider threats increased by 47 percent between 2018 and 2020, and no is one predicting the pace will slow. Considering that statistic, coupled with the high cost of cleaning up the mess left behind by an insider attack, the best time to launch an insider threat program was yesterday.

Fortunately, CYDERES Insider Threat Managed Detection & Response managed service is empowering organizations to launch or mature their Insider Threat program very quickly, delivering immediate visibility and results. Learn more in our latest video:

Talking CYDERES Engineering with Cassandra Varvel, CYDERES Director of Engineering

Our Teams are Building a More Secure Future.

We have been incredibly excited by the launch of the CYDERES Cloud Native Analytics Platform (CNAP) 2.0 as we continue to bolster the already amazing capabilities of our strategic partner Google Cloud, and their Chronicle offering.

With Google Cloud’s recent announcements around Autonomic Security, the path to modernizing your security programs is clearer than ever. On their recent earnings call, Alphabet and Google CEO Sundar Pichai recently highlighted GC’s security offerings (incl. Chronicle) as their “strongest product portfolio” empowering their incredible growth.

CYDERES is proud to be one of Google Cloud Chronicle’s founding partners and preferred MSSP partners to deliver this solution.

With all of the excitement building around CNAP 2.0, we wanted to illuminate a bit more of the team that is working behind the scenes to develop these game-changing offerings. We recently sat down with Cassandra Varvel, CYDERES Director of Engineering, to talk about CNAP 2.0, the various parts of the Engineering organization, how we integrate with Google Cloud and Chronicle, and more.

CYDERES Engineering Team

Our CYDERES organization is built of many moving parts. Cassandra illuminates one of the pivotal pieces of the broader CYDERES organization: the Engineering Team. Learn about the various positions within the team, and what impresses Cassandra the most about this talented group.


CNAP 2.0 Benefits

CYDERES Recently launched CNAP 2.0, improving on the CYDERES Cloud Native Analytics Platform that has already provided so much value for our customers. Cassandra talks about some of the new benefits you can expect with this exciting launch.


How Does CNAP Utilize BigQuery?

CYDERES has been in close partnership with Google Cloud, and their Chronicle platform, to help bolster their already incredible threat hunting capabilities, and to provide one of the best answers to the issues of legacy SIEM. Learn more about how CNAP utilizes Google BigQuery and what we bring to the table to help make detecting threats easier than ever.


How is CYDERES Different From a Traditional MSSP

We pride ourselves in being different from traditional MSSP offerings. Cassandra talks about some of the reasons as to why we are a better alternative for those looking to move away from legacy managed security offerings.


The Power of TEAM

It’s important to build great teams that can trust each other and work well in collaborative environments, and we think our Engineering Team is one of the best in the business. Cassandra talks about some of the best aspects of the teams we have been building at Fishtech and CYDERES.


Work on Critical Client Solutions at CYDERES

It can be a daunting task to work in a cybersecurity company, but these challenges can be very rewarding as well. Cassandra talks about the excitement she feels when working on critical client solutions.


Join Our Growing CYDERES Team

Interested in joining our CYDERES team? Hear about some of the positions we’re looking to fill, and be sure to check out our Careers page apply for one of our amazing opportunities!



If you are ready to discuss CNAP, CYDERES Engineering, or any of our other offerings, fill out the form below to be connected with one of our experts.

Insider Threats Are Evolving - Fast

Ransomware gangs continue to find creative new ways of exploiting weaknesses in corporate networks. Now they’ve added a dangerous twist that is sure to make the insider threat problem noticeably worse.

In this latest move, gangs like LockBit are actively recruiting corporate insiders to help them breach and encrypt networks in return for what can amount to million-dollar payouts.

According to a recent article in BleepingComputer, ransomware gangs have traditionally consisted of a core group of developers, who maintain the ransomware and payment sites, and recruited affiliates who breach victims’ networks and encrypt devices, with the affiliate usually receiving 70 to 80 percent of the ransom paid. But LockBit and its counterparts are now “trying to remove the middle-man” by messaging trusted insiders directly rather than using affiliates. The article’s author speculates that while it may seem “counterintuitive to recruit an insider for a network [that’s] already been breached… this message is likely targeting external IT consultants who may see the message while responding to an attack.”

Separately, Brian Krebs of Krebs on Security reports on one gang that offers insiders payouts of 40 percent of the ransom payment. The gangs “seem to have done away with the affiliate model in favor of just buying illicit access to corporate networks,” he adds.

This latest recruitment drive does two things: 1) It increases the pool of likely threats by turning otherwise hesitant insiders into enthusiastic ones; and 2) It significantly heightens the risk that an organization will suffer a major (as opposed to minor) data breach, since the recruits will be seeking the largest possible payout for the unique risk they are taking.

Insider recruitment for pay is the latest in a growing list of use cases for which Fishtech Group business unit CYDERES has designed its new Insider Threat Detection and Response (ITDR) managed service (pictured below).

ITDR, which uses models and other AI-based analytics to process user and network telemetry for early indications of insider intent, is optimized for three specific use cases:

  • Data Exfiltration/Sabotage: Detection of excessive file deletions or movements, unusual e-mail activities and consumer web application uploads is critical to preventing the exfiltration or sabotage of data – one of the more prevalent insider threat events. ITDR detects unauthorized or suspicious data access and activity and makes key correlations on file actions and transfers, focusing on ‘crown-jewel’ data in the cloud, apps, databases, file-shares and disks.
  • Departing Employees: Individuals who plan to leave the organization or learn they are about to be off-boarded pose a substantial risk to corporate systems and data. ITDR focuses on detecting network and application access patterns that indicate job searches, outreach to competitors and data exfil intent. Response capabilities include proactive alerts on these activities plus changes in behavior and productivity, and forensic reports for use during post-termination reviews.
  • Account Compromise: With the right tools, it’s possible to pinpoint behaviors that indicate a potential takeover of credentials by third-party actors via negligent or malicious insiders, at speed and at scale. By detecting unusual login volumes, logins from high-risk locations, or geographically/ temporally impossible login sequences, ITDR excels at alerting investigative teams to instances of potential account compromise – before a data exfil attempt happens.

One could argue that by offering trusted insiders a piece of the action, the LockBits of the world are touching on all three of those use cases.

Whatever the event type, it’s been clear for some time that the insider threat landscape is evolving rapidly. Organizations will need to evolve with it. And even as they address their adversaries’ current innovations, they also should count on even more insidious exploits in the future.

#      #      #

Note: Tune in to our recent ITDR introductory webinar to learn more about the powerful capabilities this managed service can deliver to your organization. Or simply reach out here to schedule a live ITDR demo.

How CNAP 2.0 Unlocks Security Analytics at Hyperscale

SIEM and SOC operations have never been more crucial.

Organizations’ risk landscape is increasing exponentially (ransomware, business email compromise, state actors, just to name a few), exacerbating existing internal challenges of legacy architecture, outdated programs, and an all-around cyber skills shortage even further.

As we’ve said many times, hype and gimmicks, all too often the hallmarks of cybersecurity products will not solve today’s problems. Only real solutions custom-built from a deep understanding of the daily challenges organizations face combined with in-the-trenches know-how should lead the way.

That’s why we are proud to announce the latest customer-value driven upgrades to our Cloud Native Analytics Platform in CNAP 2.0.

First, let’s remember why CNAP was built in the first place from Eric Foster, President of CYDERES.

How CNAP Empowers Google Cloud’s Autonomic Security Operations

Our partner Google Cloud understands the challenges organizations face in modernizing their security operations. Recently, at their first annual Google Cloud Security Summit Series event, they unveiled Autonomic Security Operations, which they define as a combination of philosophies, practices, and tools that improve an organization’s ability to withstand security attacks through an adaptive, agile, and highly automated approach to threat management.

The goal here is to stack your defenses to manage modern threats at Cloud-scale empowering:

Accelerated Transformation

Workshops, technical content, products, integrations, and blueprints designed to help organizations kick-start their modernization journey to a state of autonomic security operations.

Increased Business Agility

Intelligent data fusion, continuous IoC matching, sub-second petabyte-scale queries, and modern YARA-L detection to conduct plaid-speed management of threats at a disruptive cost and massive scale.

Maximized Use-Case Coverage

Hunt for APTs, detect ransomware, investigate network anomalies, identify fraud signals, in-house or with detection and response capabilities of the expert team at CYDERES.

CNAP harnesses the speed and power of Chronicle while layering on vital operational functionality with threat detection rules, dashboards and reporting, investigation and hunt capabilities, ticketing system integrations, and a broad range of custom triage workflows and playbooks that scale across petabytes of customer logs in real-time.

As part of CYDERES CNAP 2.0 launch program, new and existing clients’ UDM parsed security telemetry data in Google Chronicle now leverages industry leading big data analytics tools, BigQuery and Looker, for both pre-built and customized dashboards to easily visualize data ingestion and health, IOC matches, threat detections, authentication events, and much more.

“Security operations in an increasingly digital world, facing ever more sophisticated adversaries, requires a 10X increase in capabilities. Autonomic Security Operations not only powers this improved protection but also sets the stage for ongoing transformation to stay ahead of the threat.”  Phil Venables, Chief Information Security Officer, Google Cloud

Learn more about CNAP 2.0 benefits from Cassandra Varvel, CYDERES Director of Engineering.

To summarize, CNAP 2.0 enables security analytics at hyperscale with:

  • Petabyte-scale detection with sub-second queries in Chronicle.
  • Industry-leading data lake with unlimited ingestion powered by BigQuery.
  • Rich, compelling analytics and pre-built customized dashboards via Looker.
  • Continuous threat intelligence via SOCPrime’s Threat Detection Marketplace.
  • Deep extensibility to a rich ecosystem of integrations.

Taking Steps to Modernize Your Security Operations with CYDERES

As we’ve seen, CNAP 2.0 augments the incredible speed and power of Google Cloud’s Chronicle with the necessary operational layers to truly function as a full-scale SIEM replacement. Similarly, CYDERES security-as-a-service tier of offerings is meant to guide organizations on a journey to full-scale 24/7 visibility, detection, and response. These can either augment your existing SOC program or serve as your primary solution.

Learn more about this tier of offerings from Jeremy Hehl, Vice President of Business Development, CYDERES.

Take a technical deep dive into CNAP 2.0

Join CYDERES and Google Cloud Security experts for a technical deep dive into winning use-cases that are equipping organizations and SOCs globally to give good the advantage and truly empower autonomic security operations, August 31st at 3PM Central.

CYDERES Announces Upgrades to Cloud Native Analytics Platform (CNAP)

Partnership with Google Cloud Continues to Revolutionize SIEM and SOC Landscape

Kansas City, MO (August 23, 2021) — CYDERES, the Security-as-a-Service division of Fishtech Group and a Top 25 MSSP, today announced significant upgrades to its proprietary Cloud Native Analytics Platform (CNAP) with a 2.0 release adding BigQuery and Looker integrations among other customer-value driven enhancements.

CYDERES 24/7/365 security-as-a-service solutions continue to enable organizations to automate and operationalize their security programs to drive unique business outcomes at a fraction of the cost of legacy solutions.

A pre-assembled cybersecurity SaaS offering built on Google Cloud Security’s Chronicle, CNAP has served as an ideal Google Cloud Platform (GCP) service for organizations looking to replace their legacy SIEM or implement Next-Gen Security Analytics, Threat Detection, and Response Capabilities.

CNAP harnesses the speed and power of Chronicle while layering on vital operational functionality with threat detection rules, dashboards and reporting, investigation and hunt capabilities, ticketing system integrations, and a broad range of custom triage workflows and playbooks that scale across petabytes of customer logs in real-time.

As part of CYDERES CNAP 2.0 launch program, new and existing clients’ UDM parsed security telemetry data in Google Chronicle now leverages industry leading big data analytics tools, BigQuery and Looker, for both pre-built and customized dashboards to easily visualize data ingestion and health, IOC matches, threat detections, authentication events, and much more.

Leveraging experience with clients across the vertical landscape, CYDERES expert team has built unique industry-specific dashboards to empower and accelerate data-driven security outcomes so that organizations can regain their focus on overall growth.

“The continued enhancements to CYDERES CNAP truly enable our customers to experience the power of security analytics at hyperscale and efficiency. The enhanced visualizations alongside the ability to perform millisecond queries across 6 months of telemetry with unmetered ingestion is a game-changer for organizations seeking to modernize their detection and response capabilities.”, said Eric Foster, President, CYDERES.

CNAP clients leverage Google Cloud’s full suite of Autonomic Security Operations, an adaptive, agile, and highly automated approach to threat management, but also additional functionality to build machine learning models, parsers, reports, and more. For CYDERES Enterprise Managed Detection and Response customers this also includes a fully dedicated backend ticketing system for the escalation and remediation of alerts.

Google Cloud Chronicle’s partner of the year two years in a row, CYDERES CNAP gives organizations a deeper, richer, and more interactive view of their security data.

About CYDERES and Fishtech

Fishtech Group is the #1 cloud native security-as-a-service solutions provider enabling secure and successful business transformation. Born in the cloud and based in Kansas City, Fishtech Group includes the 24-7 Cyber Defense and Response division CYDERES and security analytics firm Haystax in Mclean, VA.

Contact: Jennie Hanna, jennie.hanna@fishtech.group 

Learn more about CYDERES award winning security as a service offerings by filling out the request form below.

Unlocking Continuous Security Intelligence with SOC Prime

24/7 threats require 24/7 diligence.

Not only does that require people, process, and technology to manage cybersecurity risks, detect threats, and respond to security incidents, it requires access to the absolute latest in real-time intelligence.

That’s exactly why we’ve partnered with SOC Prime, and their industry-leading Threat Detection Marketplace, the largest SaaS threat detection content platform in the world used by more than 12,000 security practitioners from 6,000-plus companies.

Why waste precious time building queries, rules, parsers, and other threat-detecting content when you can leverage a growing library of over 85,000 queries, rules, parsers, machine learning models, SOC-ready dashboards, and more.

What’s even better is that CYDERES customers receive customized content based on each client’s uniquely generated threat profile from our expert team via our 24/7 Enterprise Managed Detection & Response program.

Learn more of how this impacts our customers from Josh Culotta, Director of Security Operations.


Recently SOC Prime went into great detail to breakdown all the reasons why their program offered the perfect continuous security intelligence solution to complement our 24/7 Security-as-a-Service operation CYDERES.

In short, SOC Prime enables our customers to receive:

  • Delivery of curated and verified detection content along with continuous support
  • Proactive response to the most critical and constantly emerging threats in real-time
  • Continuous threat coverage and content alignment with MITRE ATT&CK® v.9
  • Seamless integration with Chronicle Security powered by Google Cloud and 20+ supported SIEM, EDR, and NTDR security solutions

Many organizations are facing the following challenges:

  • How to Build Custom Behavior-Based SOC Content.
  • Talent Shortage and Content Scalability Issues.
  • Mass Content Migration from On-Premise SIEM to Cloud.
  • Lots of SOC Team Hours on Content Development to Cover the Latest Threats.
  • Continual Enrichment and Automation

Go in-depth via the case study below and learn how CYDERES and SOC Prime are overcoming these hurdles and providing continuous security intelligence for our customers.


This partnership enables CYDERES CNAP to provide advanced detection content without increasing our human capital, helping us deliver on the vision of “legendary service at a fair price” that’s been so instrumental in helping us disrupt the legacy MSSP industry. More importantly, with this incredible baseline of rules, we can repurpose our detection engineering team on creating highly customized content to optimize security protection for each of our clients. – Eric Foster, President, CYDERES