The Healthcare Industry Has a Remedy for Insider Threats

Today’s blog post comes from our colleagues at Haystax, a wholly-owned subsidiary of Fishtech Group, talking about the lessons organizations in every industry can learn from the integrated insider risk mitigation programs of the health care industry. Check out the original article on their website here.

Of all U.S. industries, healthcare is the most highly regulated – even more so than the heavily scrutinized banking and finance sector.

There are health-related laws such as HIPAA, which among other things safeguards the privacy of patient records, plus an array of regulations that seek to protect individuals from health risks while boosting overall public health and welfare. Compliance is not optional.

Given this stringent regulatory environment, healthcare companies go to great lengths to safeguard their security as well, especially where patient data and their own valuable intellectual property are concerned.

So it should come as no surprise that these companies mobilized quickly when they started experiencing major data breaches several years ago, including cases where trusted insiders stole information and either sold it or left and took it to a competitor.

Indeed, the 2019 edition of Verizon’s widely read Data Breach Investigations Report (DBIR) confirmed the trend. Verizon noted that 15 percent of all breaches were in healthcare, as compared to 10 percent for finance.

The DBIR further found that trusted insiders were responsible for 59% of the healthcare security incidents and breaches it analyzed, making healthcare the one sector where internal actors outnumbered external ones. Some of those were due to malicious intent while others were accidental or caused by negligence, and the actors could be found at every level of a company – from customer service representatives to IT staff to senior executives.

Importantly, the DBIR also found that: “Financial gain is still the most common motive behind data breaches where a motive is known.”

The federal government has weighed in as well. A few months ago the Office of Civil Rights (OCR) under the U.S. Department of Health and Human Services warned of the dangers posed by insider threats in the medical field – where employees had exposed confidential medical information for financial gain or as retribution.

OCR presented its own recommended best-practice guidelines on how best to manage an insider threat program. It said all organizations should:

  • Understand where their data is located, the format in which it resides and where it flows throughout the enterprise;
  • Establish who is permitted to interact with their data and what data those users are permitted to access, in order to determine appropriate access controls; and
  • Consider how an organization’s users will interact with data.

OCR additionally recommended achieving greater real-time visibility and situational awareness through systems that detect suspicious user activities, audit controls and audit-log reviews and security incident tracking reports. And it advocated for understanding the human element of risk through continuous awareness, assessments and preventive actions in the face of changing personnel circumstances such as promotions, demotions, transfers and – especially – involuntary separations.

There are broader lessons to be learned from the way the healthcare industry has responded to data breaches and other attacks, in particular with an increased focus on insider threat mitigation.

Healthcare companies are now required to conduct risk assessments to uncover potential data breaches. Moreover, they must document the assessment findings and address any vulnerabilities they have found. And you can bet that identifying signs of financial stress or motivation is a key component of their assessments, along with monitoring exfiltration methods and analyzing peer groups within the organization.

Even if your company isn’t nearly as tightly regulated as those in the healthcare industry, there are benefits to following their lead on standing up an integrated insider risk mitigation program that combines clearly articulated policies, cross-departmental cooperation and leadership buy-in with the right analytical processes and tools.

It’s not just good corporate practice – it can save your company from loss of data, reputational damage, civil liability exposure and, potentially, federal and state regulatory enforcement actions.

#    #    #

Note: Want to conduct a risk assessment to find your hidden insider threats, regardless of whether their intent is malicious or whether they are unwitting or negligent actors? Contact a Haystax rep or click here to find out how.


The Cost Factors for Why You Shouldn't Build a SOC In-House

In a recent blog post, we introduced a new series we will be curating over the next couple of weeks about why you shouldn’t build a SOC in-house. Though the alternative of using an MSSP (Managed Security Service Provider) can be a frustrating experience, almost no one can defend building a SOC in-house.

To help bridge the gap between these two solutions, and to provide a good alternative to an in-house SOC, we wanted to build an operation that is different from other MSSP offerings and effectively do away with all of the negative connotations that come with the territory. That solution is CYDERES, our 24/7 human-led and machine-driven security-as-a-service.

So, let’s look at one of the issues with building a SOC in-house, and how CYDERES can be an effective alternative. Today we will be looking at why cost is a huge factor as to why you shouldn’t build a SOC in-house.

SOCs are Expensive

We’re not talking about pricey options to warm your feet up, although apparently there are also some pretty expensive SOCKS as well. We’re talking about the costs that come with trying to put together world class security operations centers.

There’s no doubt that any organization that’s building out their cybersecurity program needs to utilize a security operations center. Unfortunately, it can be pretty difficult to put one together in-house, and there are a number of factors as to why.

Cost Factors for Why You Shouldn’t Build a SOC In-House


The first factor is people. You will need a minimum headcount of 12 to 15 people to make sure there can be someone available for every shift, and to make sure all of your bases are covered when anyone goes on vacation or gets sick. Along with the salaries for these positions, you will also need to invest heavily in training off the bat, which can be a huge initial cost upfront before you even get rolling on protecting your organization.

The second factor is technology. If you were worried about the initial upfront costs of training, you may want to shield your eyes from the price tag on acquiring the necessary threat detection technology, which is again something you need to focus on before you even get operations going. The costs for these technologies aren’t just isolated to the acquisition stage either. These technologies carry significant annual or on-going costs as you continue to use them, and can get out of hand quite quickly.

The third factor is facilities. You are already investing so much into the people and technology necessary to build out your in-house SOC that facilities can take a back seat. Either you will have to pay huge sums of money to build out a nice facility adding to your previously incurred costs, or you may be forced to cut corners and relegate your people to less than ideal spaces. This can become prohibitive over time as many of your professionals may leave your organization over such conditions, and in an industry that is already facing talent shortages, this can become a huge problem for your long-term viability.

Using CYDERES Over an In-House SOC

To remedy many of these cost issues that arise when trying to build your own SOC in-house, we created CYDERES, our human-led and machine-driven security-as-a-service, while creating a better alternative to MSSPs that carry their own problems.

We have been hiring new talent to bolster our already phenomenal cast of cybersecurity professionals, and have built out an ‘A’ team that can provide 24/7 enterprise managed detection and response, among other services.

We have also recently built a world-class Cyber Defense Center to house our CYDERES professionals to make clear our dedication to becoming the best managed security provider in our industry.

Furthermore, because cybersecurity is a core competency of our business, we are able to continually attract the best in the business. These talented professionals are the centerpiece of what we do, rather than a specialized wing of an organization whose core competencies lie elsewhere and which is trying to build out a security team on the side.

On the technology front, we have heavily invested into any solutions that give us the capabilities we need to succeed. We have an engineering team with 15+ dedicated developers to help build the tools we need to integrate 3rd party products and help us do our jobs better. We also have access to Fishtech sales engineers and partners to create a team of people to help get us up to speed on the latest and greatest in our industry and troubleshoot any issues along the way.

As an alternative to in-house SOCs, we are more cost effective. As an alternative to MSSP, we are better, faster, cheaper, scalable, and we can prove it.

So that just leaves one question… When can we prove it to you?

Fill out the form below to get connected with one of our CYDERES experts to see how you can leverage CYDERES to get world class protection, without the unnecessary cost burdens of building your own SOC in-house. Focus on your business, we’ll handle your threats.


Fishtech's James Grow: YubiKeys Aren't a New Hardware Token

Before this post on YubiKeys, we recently published a couple blog posts over the last few months on passwordless authentication and emphasized the importance of multi-factor authentication in our National Cybersecurity Awareness Month post.

We’re always keeping our ear to the ground on advances in these areas, and with a recent announcement at Microsoft Ignite, Yubico, the leading provider of authentication and encryption hardware, and YubiKeys, the authentication devices they manufacture, have been in the news. We have also been seeing a lot of conversations pop-up on LinkedIn regarding YubiKeys and their uses in both the passwordless authentication and multi-factor authentication spaces.

In an effort to provide some clarity on these devices, we talked to our own James Grow, Director of our DevOps and Security Automation practices at Fishtech, and asked him to define what YubiKeys are, and why he uses them. Below you’ll find his quick write-up, and a video of James demoing how he uses his YubiKey.

 

YubiKeys Aren’t A New Hardware Token

YubiKeys aren’t a hardware token. They’re a radical shift in the fundamentals of how we do trust, authentication, and identity.

YubiKeys work with new, standard/open APIs such as WebAuthn. They implement strict controls and checks to provide better guarantees, such as trust. They also enable passwordless multi-factor authentication that, at least so far, completely mitigates phishing attacks. It seems to have eliminated an entire class of security threat.

How often do we see an entire threat vector eliminated? Once or twice in a lifetime?

Here’s a little more detail on how it works, and I encourage anyone curious to check out WebAuthn and FIDO2.

Registration

  1. When a user first logs onto a service – they provide their username, and it’s passed to the relying party (service/app we are signing on to use). No password is entered or exchanged.
  2. The server sends back a challenge key for the user for one-time registration and provides its relying party info – the client verifies this for authenticity, then checks against it any time the user connects to this app again.
  3. The authenticator (YubiKey) is triggered to perform user verification and consent (pressing the button, entering pin, biometrics).
  4. Authenticator – YubiKey – generates and exchanges a public-private key-pair that is explicitly associated with this app via a credential ID. The credential ID and public key are combined to create an “attestation object,” and provided to the relying party/service. The attestation object is a mechanism to do verification checks of the authenticator’s integrity.

No password, PIN, or anything else has been exchanged or can be phished/spoofed.

  5. Finally, the server/relying party verifies the challenge-response and signatures are good and registers the client/authenticator.

Authentication

  1. User signs on by providing their username to the server (relying party).
  2. Server provides a challenge, and its relying party info.
  3. The client verifies the relying party ID against the origin. Then the YubiKey is given the domain name the challenge is associated with and requests consent from the user. If the domain doesn’t match the data saved during registration, the server/relying party is considered a risk and not trusted.

That last point is a very crucial distinction and why YubiKey/WebAuthn hard counter phishing attacks. The YubiKey has the server/relying party’s domain and info from registration stored directly. If an attacker tries to trick the user into entering credentials into a spoofed site, the authenticator fails the verification check, helping to eliminate the weakest-link – untrained or careless users, or even experienced users duped by a sophisticated counterfeit.

  4. The authenticator/YubiKey creates and sends a signed assertion and authenticator data partially derived from the key exchange during registration.
  5. Client/browser forwards auth data from YubiKey/authenticator and includes the PublicKey associated with the service/relying party.
  6. The server/relying party validates the challenge and checks the keys/signatures against its records from registration. If all checks succeed, the user is authenticated and is verified/trusted. And we can be confident of this. No one entered a password or struggled to get their phone out to authorize a push.

So, the service and the user mutually can be confident of their authenticity/integrity, and that the interactions are intentional via multi-factor authentication.

Hopefully, this has helped bring some awareness and understanding, and hopefully, excitement about how game-changing this is!

If you would like to talk to one of our experts more on security keys, passwordless authentication, and multi-factor authentication, fill out the form below.


Making the “Bad Words” in Cybersecurity Better with CYDERES

There are many notable instances in cybersecurity when acronyms take on lives of their own. They become new words with instant associations. For us, we hear “SOC” and immediately think of our world-class Security Operations Center facility housed in our Cyber Defense Center in Kansas City.

In some cases, these acronyms become bad words in the industry. Two of these acronyms we will be talking about today are MSSP (Managed Security Service Provider) and SIEM (Security Information and Event Management). Let’s briefly dive into why, starting with MSSP.

MSSP is a bad word

MSSPs have a bad reputation. With managed services, other people are taking over the control of your data and don’t always give you visibility into your own information. You’re locked out of your data, and locked in to legacy tools. MSSP has unfortunately become a literal 4 letter “bad” word.

These negatives offset the obvious benefits that you also receive with MSSPs including giving you the talent you need that would be difficult to assemble on your own, knowledge that you wouldn’t have access to otherwise, and often at a fraction of the cost of hiring the talent to cover you 24/7 or even 8/5.

Unfortunately, due to the costs of building a SOC in-house, many organizations have to settle for MSSPs taking the good with the bad. Talk about needing a spoonful of sugar to help the medicine go down.

SIEM is a bad word

SIEM is slow and costly. You may recall one of our blog posts from a few weeks back that looked deeper at both of these issues in regard to legacy SIEM.

In the era of big data, your SIEM has more information than ever to comb through, and that can delay the amount of time it takes to detect credible threats leaving your business vulnerable.

SIEM cost structures also aren’t conducive to modern businesses. These license costs along with sluggish speeds have caused SIEM to become another 4 letter “bad” word in cybersecurity, despite the necessity of it to go through your logs and data.

CYDERES: A Worthy Addition to the Cybersecurity Lexicon

For many cybersecurity teams, MSSP and SIEM are necessary evils. Compromises have to be made to make sure you have the tools necessary to protect your organization, right?

There IS a better way. CYDERES’ 24/7 human-led and machine driven security-as-a-service gives you the people, process, and technology to help organizations manage cybersecurity risks, detect threats, and respond to security incidents in real time.

CYDERES gives you the good parts of MSSP without getting dragged down by the same-old problems traditionally giving MSSPs a bad name. Our full EMDR solution gives 24/7 expertise with full client visibility and unlimited incident response, or the ability to respond yourself should you choose to do so.

Similarly, Chronicle gives you the good parts of SIEM without speed and cost issues. It’s literally the same platform that Google uses to defend itself! The cost of Chronicle is calculated per employee (not amount of data ingestion), and the platform searches petabytes of telemetry data in under a second.

With our partnership, we’re re-writing the cybersecurity lexicon and making these bad words better. CYDERES (CY-ber DE-fense and RES-ponse) gives you managed security in a way that not only gives you total visibility into your data, but many other solutions conducive to a well-oiled security machine including:

  • 24/7 Expert Team.
  • Scalable infrastructure.
  • Lab-tested technology.
  • Industry-leading speed and data science.
  • Real-time response.

CYDERES is 100% powered by Chronicle, Google Cloud’s security telemetry platform. As we have mentioned in our blog posts in the past, Backstory provides 10x the performance of traditional SIEM at a fraction of the cost. Better yet, our CYDERES professionals are the leading Backstory experts.

A Solution Without an In-House SOC

We want to make the bad words in cybersecurity better. That’s why we created CYDERES and fostered partnerships that allow our organization to excel. Almost no one can defend building a SOC in-house, so we wanted to build an operation that is different from other MSSP offerings to do away with all of the negative connotations that come with the territory.

To put it succinctly, we are better, faster, cheaper, scalable, and we can prove it.

Over the next month, we will be looking at some of the reasons why most organizations shouldn’t build a SOC in-house, and why CYDERES is a better choice for managed security. Stay tuned to the blog for more insights! In the meantime, if you’re ready to connect with CYDERES experts for more information on our people, process, or world class facility, fill out the form below!


Redefining the Hunt for Insider Threats

By John Boatman

The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle continues this week in Detroit, MI and Bentonville, AR.

One of the questions we’ve repeatedly been asked during our nationwide Threat Hunt Tour is: “How can we do a better job of mitigating our insider threats — not just the external ones?”

Good question. And very timely, considering that 70% of companies in a recent survey said insider attacks have become more frequent in the past 12 months.

At Fishtech Group, we believe the most effective insider threat mitigation programs seamlessly combine policies, processes, and technologies into a comprehensive risk-based approach that can detect insiders regardless of whether they are malicious, willfully negligent, or simply unaware of the harm they’re causing.

As part of that approach, the optimal technologies use a blend of analytic techniques to assess and prioritize workforce risk. For example, Fishtech Group’s Haystax subsidiary employs probabilistic models, enhanced with rules-based triggers and machine learning algorithms, to detect and prioritize anomalous behavior among trusted employees at government and private enterprises alike.

September was Insider Threat Awareness Month, which presented an ideal opportunity for the Haystax team to reflect on some of the top challenges that small and medium enterprises need to focus on as they hunt for insider threats:

  • Take the variety of insider threat personas, for example. Haystax was supportive of a Verizon study that took organizations to task for looking primarily for malicious insiders, ignoring several other kinds of threat behaviors that are often just as harmful. Verizon lists not one or two, but five, categories of insider threat: Careless Worker; Inside Agent; Disgruntled Employee; Malicious Insider; and Feckless Third Party. It takes a particular kind of analytics to distinguish between them.
  • Continuous vetting is the new black. It’s no longer sufficient for an organization to screen employees once before they walk in the door. Examples abound of people ‘going rogue’ after a few years of employment, due to a variety of factors that can include financial stress, failed relationships or poor HR reviews. As a result, employers need to find a way to continuously vet (aka evaluate) their staff, executives and even their vendors and contractors. Haystax has blogged numerous times about the issue.
  • Most malicious insiders are smart enough to conceal their behavior and blend in well with the normality around them. In these cases, it takes the ability to turn qualitative information collected from a wide variety of sources, including fellow employees and anecdotes, and transform it into quantitative evidence used to ‘connect the dots’ and catch a spy or saboteur or fraudster before he or she can do real damage. See the Haystax use case on Cuban spy Ana Montes for an example of how that works.
  • Despite its wide use, the term user behavior analytics (UBA) has come to mean something quite narrow: analysis of user behavior on networks and other systems, and the application of advanced analytics to detect anomalies and malicious behaviors in those systems. Find out why that network-centric approach is not adequate to the task of catching your most dangerous insiders — and why a person-centric analytical approach is.
  • Also find out why small businesses are most vulnerable to insider fraud, and how the U.S. government’s latest Insider Threat Maturity Framework still leaves some key questions unanswered.
  • Finally, the Haystax white paper To Catch an IP Thief lays out in detail the events that lead a senior executive down an unhappy path from star executive to full-blown insider threat in the space of less than four years — and how the Haystax Analytics Platform would have detected him before he could steal his company’s valuable intellectual property.

Since October is Cybersecurity Awareness Month, it’s also an opportune time to showcase Fishtech Group’s Security-as-a-Service division, CYDERES, a top-rated managed security services provider (MSSP) for detecting internal and external cyber threats.

A brand new partnership with Alphabet unit Chronicle gives CYDERES the ability to deliver managed detection and response services for Chronicle’s new platform. This partnership offers clients unmatched capabilities for threat hunting, incident investigation and ultimately detection and response.

There are nine Threat Hunt Tour sessions between now and the end of the year. Click here to register for the one closest to you, and learn how CYDERES and Chronicle can help you prey on your external and insider threats in an entirely new way.


National Cybersecurity Awareness Month 2019

Though Fishtech works every day to give cybersecurity the awareness it deserves, each October we’re happy to see an extra emphasis given to the importance of taking proactive steps to enhance cybersecurity at home and in the workplace during National Cybersecurity Awareness Month.

Each year we hope to share lessons that we have gleaned from more than two decades of shaping the landscape of cybersecurity solutions. These insights are often tried and true principles worth revisiting, as we continue to prepare for an ever-evolving future.

Cybersecurity Requires More Than a Nod of Approval from the C-Suite

In today’s business environment, cybersecurity risk management programs are more important than ever. Traditionally, this has been recognized by the IT teams who would try to stress the importance upstream, but as businesses continue to undergo digital transformation, modern cybersecurity programs require buy-in from the C-suite.

Cyber attacks affect every aspect of an organization, from IT, to finance, to HR. The leaders of the organization need to prioritize their focus on mitigating the cyber risks inherent to modern business to protect everyone under their purview.

Cyber-Hygiene is Not Enough

It may be easier to go through the motions, work through the normal checklist and make sure you’re complying with standards that may or may not be right for your business. This approach is just not enough. Organizations need to take an approach informed by data.

Focus should be on threats that pose the biggest risk, not those that are part of your routine “box checking”.

Network Data is Not Enough

Internal threats detected through network logging and aggregation are detected too late. Early indicators of internal threats come from human actions and attitudes. There are better ways to get in front of potentially devastating internal attacks. There are solutions that use better models than network data to reveal behaviors of potential insider threats, well before they become a problem (a particular specialty of our friends over at Haystax).

Technology Alone is Not the Solution

You may have heard us talk about people, process, and technology. That’s because all three of these are integral to a proper cyber-risk management program. Many security vendors will try to sell you software that is the be-all and end-all of cybersecurity. There are more factors to a complete cybersecurity program than the “perfect technology”. You also need trained staff who follow processes as specified, so that the gaps each technology leaves uncovered are still mitigated.

Cybersecurity Awareness in 2019

While we believe that these four items carry particular importance to organizations overall, we have also loved the overarching themes of 2019’s edition of National Cybersecurity Awareness Month: “Own IT. Secure IT. Protect IT.”

With these themes, there is more of a focus on personal accountability to help create a foundation of proactive behaviors and awareness, strengthening each individual’s knowledge and confidence to help create a culture of cybersecurity throughout each organization.

We will highlight a few of the basic strategies of each theme below, but we definitely recommend checking out more resources on each of the following areas to make sure your knowledge is up to date on best practices in cybersecurity for you and your organization.

Own IT:

  • Be aware of what you share on social media.
  • Review your privacy settings for each app that you use, and continue to do so with regularity.
  • Make sure your applications and accounts only receive the base level of information. If they are asking for too much, ask yourself if you really need to use these tools.
  • Don’t forget about smart devices. Monitor how these are used as much as you would with your smartphone.

Secure IT:

  • Create strong and unique passwords or passphrases. The more characters the better.
  • Utilize multi-factor authentication for added security.
  • Take care when shopping online. Make sure you are shopping at places you know you can trust.
  • Scrutinize every email that includes links or requests for information to protect yourself from phishing.

Protect IT:

  • Make sure you update to the latest security software, web browser, and operating systems.
  • Avoid public Wi-Fi as much as possible.
  • If you are collecting customer/consumer data, make sure it is secure.
  • Cybersecurity is important in the modern age, and it is important to re-evaluate your own adoption of cybersecurity practices as much as possible.

We hope this post helps give you a starting point on items to re-visit on your quest to #BeCyberSmart.

We hope you have had a successful National Cybersecurity Awareness Month. If you have any questions for our experts on how to improve your cyber awareness, fill out the form below to get connected!


How the Cybersecurity Talent Shortage Threatens Your Organization

The Threat Hunt Tour, powered by Chronicle with Fishtech Group’s CYDERES, roars on! Find us in the coming days in Houston, Dallas, and Phoenix. Are we coming to your city?

We’re bringing the tour to 15 cities through early November to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES. We want to demonstrate in-person how this superlative platform and expert consultants can literally change the security landscape of your organization and combat the threats you face every day.

For more information on the Threat Hunt Tour and to find registration links for the remaining tour stops, visit ThreatHuntTour.com

In this blog, we’ve been covering some of the various threats to your business all month long. We’ve already covered the inefficiencies of legacy SIEM in our last post and how the slow speed of legacy SIEM is a threat to your business. We’ve talked about the rising and unscalable costs of legacy SIEM solutions.

We’ve established the harsh truth that legacy SIEM is inefficient and expensive. There’s another very real threat to your organization that everyone in cybersecurity knows all too well – the huge shortage of skilled and ready-to-go talent in the industry. And this threat just may be worse than you think.

Chances are your cyber defenses don’t measure up to the high standards you set when you took the job. The biggest reason may be you just can’t hire or retain enough personnel with the skills and experience necessary to mitigate your worst cyber threats.

By 2021, experts predict we’ll see 3.5 million open cybersecurity positions worldwide, with at least 500,000 of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Meanwhile, cyber-attacks are growing in scale and impact.

The problem is not merely a talent shortage. There are plenty of people interested in a cybersecurity career. And while companies need people who can be effective immediately, they may not require traditional, let alone advanced, degrees.

Imagine having access to human-led, machine-driven security-as-a-service combined with unmatched speed and scalability to steer your organization through the next cyber attack. We’ll show you how to get just that during the Threat Hunt Tour.

Organizations are slowly coming around to an acceptance of partnerships to meet their cybersecurity mission. Foundational to that acceptance are these beliefs:

  1. Cybersecurity has become too specialized, technologically complex and labor intensive to manage only in-house.
  2. Digital transformation is making these partnerships a viable option even for something as consequential as company security.

CYDERES is this new breed of partner — neither a conventional outsourcing firm nor a pure consultancy. Instead, CYDERES experts offer security-as-a-service and bring unrivaled Chronicle expertise to enhance your security operations.

We’ll be talking about that and more during the Threat Hunt Tour that is running through early November.

It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Attendees will leave the tour with a FREE demo environment of Chronicle, the security telemetry platform that will give you unmatched speed and unequaled scalability when analyzing massive amounts of data to hunt the threats to your organization.

Learn how to search through petabytes of security telemetry in a fraction of the time at a fraction of the cost of traditional SIEM providers.

Join us on the tour to learn how CYDERES brings unrivaled Chronicle expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle.

WE’RE COMING TO A CITY NEAR YOU!

Check out our tour stops and register to save your spot. Space is limited, so don’t delay. Visit ThreatHuntTour.com for registration links, and more information. We’ll see you soon!


The Threat of Unscalable Costs and Unsuitability of Legacy SIEM in Modern Organizations

The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle, is continuing this week in Chicago, IL and Reston, VA. Join us in your city!

We’re hitting 14 cities over the course of the next two months to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES and how they can change the security landscape of your organization, and combat the threats you face every day.

For more information on the Threat Hunt Tour and to find registration links for each of the tour stops, visit ThreatHuntTour.com.

To give you a taste of some of the information we’ll be covering on the tour, we’re going to be looking at various threats to your business all month long. It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Today, let’s talk about the rising and unscalable costs of legacy SIEM solutions.

We’ve already covered the inefficiencies of legacy SIEM in our last post and how the slow speed of legacy SIEM is a threat to your business, but the issues don’t stop there. Performance is obviously a huge factor for organizations looking to hunt threats, but we know that there are other areas decision makers look at when looking at cybersecurity options for their organizations – namely, cost.

Legacy SIEM is expensive.

The cost structure of traditional SIEM is not conducive to growing organizations that are looking to scale their security telemetry analysis with the expansion of their operations.

When your threat hunting solutions are stretching your budget, it limits your ability to adapt to other challenges in your business, and may hinder your overall growth. Wouldn’t it be great to have a solution that uses the number of users, not a data threshold, as the basis for its cost structure? We will touch on this more on our many stops of the Threat Hunt Tour.

Unfortunately, the cost problems don’t stop there.

Organizations often need to hire outside help with implementation and integration: each organization’s security priorities are unique, so SIEM alerts need to be customized for specific use cases. This can be a lengthy process and can become quite expensive, and that is before licensing costs for the SIEM are even considered.

Furthermore, for a solution that is slow and increasingly expensive, legacy SIEMs are shockingly ill-prepared for organizations that are transitioning to the cloud.

True digital transformation is here.

It is imperative for organizations to modernize their infrastructure, move to the cloud, and make sure their security management system can keep up with the rigors of modern business.

You may be in the middle of your own digital transformation right now. We know there are many stages of cloud integration through our own work with organizations across the country. For transitioning businesses, certain corporate assets may be located in your data center, while others may already be in the public cloud.

In these situations, your traditional SIEM most likely doesn’t allow visibility into the assets that are in the cloud provider’s network. This can become a big problem as your organization continues to expand.

There are many issues with legacy SIEM, but luckily, there are many alternative solutions as well.

We’ll be talking about that and more during the Threat Hunt Tour that is running until November.


Join us on the tour to learn how CYDERES brings unrivaled Backstory expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle.



How Legacy SIEM Threatens Your Business

The Fishtech CYDERES Threat Hunt Tour, powered by Chronicle, launched last year in Boulder, Colorado.

We hit 14 cities over the course of two months to highlight the capabilities of Google’s Chronicle and Fishtech Group’s CYDERES and how they can change the security landscape of your organization, and combat the threats you face every day.

For more information on the Threat Hunt Tour and to find which cities we visited on the tour, visit ThreatHuntTour.com.

To give you a taste of some of the information we covered on the tour, we’re going to be looking at various threats to your business through a few blog posts. It’s time to prey on your threats – instead of letting them undercut your vision and goals for the future.

Today, let’s talk about legacy SIEM solutions.

Frankly, your legacy SIEM sucks. Literally! It’s sucking away time and profits from your business every day. It’s slow. It’s not built for a new era of analyzing petabytes of security telemetry.

Fact: Your SIEM’s speed is a threat to your business.

In the era of big data, your SIEM has more information than ever to comb through, and that can increase the time it takes to detect credible threats, leaving your business vulnerable. Over time, these slow searches inadvertently train analysts to decide what is worth searching for based on what comes back fastest.

This can create a huge vulnerability for your organization, as analysts may not be finding the most pressing threats to your business due to a slow SIEM.

There is a better way. There is a FASTER way. On the Threat Hunt Tour, we put together hands-on workshops with proactive strategies to give you faster and more inexpensive solutions to the issues caused by traditional SIEM.

Fact: Your SIEM’s cost structure is a threat to your business.

Attendees left the tour with a FREE demo environment of Chronicle, the security telemetry platform that will give organizations unmatched speed and unequaled scalability when analyzing massive amounts of data to hunt the threats to your organization.

It’s time to learn how to search through petabytes of security telemetry in a fraction of the time at 1/10 the cost of traditional SIEM providers.

Get a solution that uses the number of users, not a data threshold, as the basis for its cost structure. Talk about a game-changer that everyone on your board can get behind!

We’d love to talk about how CYDERES brings unrivaled Chronicle expertise to enhance your security operations through human-led, machine-driven security-as-a-service. CYDERES is the seasoned expert you need to help your team fully realize the game-changing capabilities of Chronicle. Fill out the form below to get connected with a CYDERES expert so that you can harness this incredible opportunity to leave your threats in the dust.


The Rise of Passwordless Authentication

Last year, in a time before lockdown, a couple of members of our team went to a Kansas City IAM Meetup. One of the first facts on our presenters’ screen said:

2 of 5 people have had their password hacked

Another recent article on our radar highlighted that hundreds of thousands of people are using passwords that have already been hacked.

Passwords have traditionally been a standard authentication tool, but over time, their flaws have become more apparent. Often, users will create easy to guess passwords, and will use the same password across multiple platforms.

Another factor at play: hackers have become better at cracking passwords over time as well. By using purpose-built hardware designed for password cracking, running botnets that try login and password combinations stolen from other sites, or even hiring out the attacking to other experts, “most attackers will usually crack 80 to 90 percent [of passwords] in less than 24 hours.”

Is the authentication landscape just all doom and gloom? What hope is there when our most recognized form of security isn’t as secure as we thought? Our friends at the Kansas City IAM Meetup brought forth some solutions that mirror some of our Identity and Access Management philosophies. A big focus was on passwordless authentication. In our continued effort to help you Level Up Your Identity Program this month, let’s take a closer look at passwordless authentication.

The Low Down on Passwordless Authentication

There are many ways to provide authentication without a password. The subject of the recent meetup we attended was FIDO2.

FIDO2 is a joint effort between the FIDO Alliance and the World Wide Web Consortium. It’s the overarching term for this partnership’s newest set of specifications to move the world beyond passwords.

The FIDO (“Fast IDentity Online”) Alliance supports many password alternatives. We’re going to run through a couple of examples today.

Biometric Authentication

Biometric authentication methods include things like fingerprint, voice, and facial recognition. These methods have gained prominence in mainstream applications due to their implementation in smartphones, for one example.

A recent article in the Wall Street Journal highlights some of the benefits of biometric authentication in financial institutions, which have increasingly implemented voice recognition software to confirm the identity of users, but there have been other concerns raised on the risks associated with reliance on biometrics alone.

To alleviate some of the concerns surrounding biometrics, it is advised to use biometric authentication as one part of two-factor authentication in your organization, which pairs multiple authentication methods, for example biometrics with security tokens.

Security Tokens

A security token is a physical device used to gain access to an electronically restricted resource. Security tokens can be utilized through a physical connection to a device by way of a USB port or smart card reader, among other examples. Security tokens may also be utilized as disconnected tokens that do not involve an input device. These disconnected tokens may have a screen that displays a code, which the user must then enter via keyboard or keypad.

Again, it is advised that security tokens are used as part of established two-factor authentication implementation within your organization.
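The two sections above describe a disconnected token (a keyfob with a screen that shows a code the user types in) and the advice to pair such a token with a second factor. The following is an added example, not code from the original post or from Fishtech, showing how the server side of that arrangement works: the token and server share a secret and a counter (the HOTP scheme from RFC 4226, which is one common way disconnected tokens generate their codes), each code is accepted at most once, a limited look-ahead window lets the server resynchronise if the user pressed the button a few times without logging in, and the token counter is only consumed when the password factor also checks out. The user name, password, token secret and class names are all constructed for this example; the secret is the RFC 4226 test-vector key so the codes can be checked against the published values.

```python
"""Disconnected OTP token paired with a password: constructed example of two-factor login."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Tuple


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = ((digest[offset] & 0x7F) << 24
              | digest[offset + 1] << 16
              | digest[offset + 2] << 8
              | digest[offset + 3])
    return f"{binary % (10 ** digits):0{digits}d}"


class DisconnectedToken:
    """Simulates a keyfob with a screen: every button press shows the next code."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._counter = 0

    def press(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code


class AuthServer:
    """Holds password hashes plus the shared secret and last accepted counter per token."""

    LOOKAHEAD = 5          # skipped presses tolerated before the token must be re-enrolled
    PBKDF2_ROUNDS = 100_000

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # user -> (salt, pbkdf2 hash)
        self._tokens: Dict[str, Tuple[bytes, int]] = {}    # user -> (secret, last accepted counter)

    def enroll(self, user: str, password: str, token_secret: bytes) -> None:
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.PBKDF2_ROUNDS)
        self._users[user] = (salt, pw_hash)
        self._tokens[user] = (token_secret, -1)   # -1: no code accepted yet

    def _check_password(self, user: str, password: str) -> bool:
        salt, expected = self._users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, expected)

    def _check_token(self, user: str, code: str) -> bool:
        secret, last = self._tokens[user]
        # Try the next LOOKAHEAD counters; on a match, advance past it so the code is never reusable.
        for counter in range(last + 1, last + 1 + self.LOOKAHEAD):
            if hmac.compare_digest(hotp(secret, counter), code):
                self._tokens[user] = (secret, counter)
                return True
        return False

    def login(self, user: str, password: str, code: str) -> bool:
        """Both factors must pass; the token counter only moves when the password was right."""
        if user not in self._users or not self._check_password(user, password):
            return False
        return self._check_token(user, code)

    def last_counter(self, user: str) -> int:
        return self._tokens[user][1]


def demo() -> list:
    """Enrollment, a normal login, a replay, a wrong password, and a resync; returns the outcomes."""
    secret = b"12345678901234567890"           # RFC 4226 test-vector key (constructed input)
    password = "correct horse battery staple"  # constructed password
    token = DisconnectedToken(secret)
    server = AuthServer()
    server.enroll("alice", password, secret)
    results = []
    code = token.press()                                   # counter 0 -> "755224"
    results.append(server.login("alice", password, code))  # True
    results.append(server.login("alice", password, code))  # False: same code replayed
    token.press()
    token.press()                                          # fob pressed twice without logging in
    code = token.press()                                   # counter 3 -> "969429"
    results.append(server.login("alice", "wrong password", code))  # False: first factor fails
    results.append(server.login("alice", password, code))  # True: counter 3 is inside the look-ahead window
    return results


if __name__ == "__main__":
    print(demo())
```

The look-ahead window is the trade-off that matters for a disconnected token: too small and users who fidget with the fob lock themselves out, too large and an attacker who has captured one code gains more valid candidates to try. Rejecting the token code outright when the password is wrong also keeps a guessed code from advancing the counter and desynchronising the real user's fob.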

The Future of Passwordless Authentication

The FIDO alliance has grown rapidly since its inception in 2013. It now includes more than 260 member organizations, including Amazon, Bank of America, Google, Intel, and Microsoft, among others.

As the FIDO Alliance continues to pursue its mission to develop and promote authentication standards that help reduce the world’s over-reliance on passwords, we can expect passwordless authentication solutions to become more refined, and to see more organizations adopt passwordless authentication solutions.

It can be overwhelming to keep up with these updated standards and procedures to keep your organization secure. We’re dedicated to helping you find the right solution for your business the first time.

If you would like to discuss how to keep your organization more secure through Identity and Access Management and the implementation of passwordless authentication, let’s take some time to connect. Fill out the form below, and one of our IAM experts will reach out to answer any questions, and discuss ways we can help you Level Up Your Identity Program.