Supercharge Your Pen-Testing with Red Team as a Service

Whether you are just getting started building out your cybersecurity practice, or simply refining your maturity to secure your future, the flexibility of CYDERES 24-7 Security-as-a-Service has an offering for everyone, and is adaptable to businesses across the security maturity spectrum. These services range from the very niche all the way up to fully managed 24/7 protection. Let’s take another quick look at their current offerings:

  • EMDR: Enterprise Managed Detection & Response
  • GSOC: Global Security Operations Center
  • CNAP: Cloud Native Analytics Platform
  • ADD-ONS:
    • CLOUD: Cloud Governance as a Service
    • SIRT: Security Incident Response Team
    • THREAT: Red Team as a Service

Today we want to go a bit deeper on one of these offerings that is delivering a ton of value to organizations looking for something more than their average penetration test: Red Team as a Service.

Red Team as a Service: The Next Level

Red Team Services through CYDERES provide objective assurance that your environment is secure – we are not looking to check a box and deliver a canned report like most pen-tests do.

Our penetration testing is designed to identify and validate vulnerabilities, exploit discovered gaps in the cyber and information security posture to establish a beachhead, and emulate real-world attacks against your infrastructure.

Our Red Team Professionals devote the time and attention required to achieve defined goals and “capture the flag.” Uniquely, we are 100% U.S. Citizens conducting our operations from U.S. soil with decades of industry experience in red team activities.

Final deliverables include an executive summary and an attack summary that reads like a storybook – telling you what we did, where we went, and how we got there. Recommendations regarding remediation for any discovered or created gaps in the organization’s information security posture are also provided.

Domain Admin isn’t the end: CYDERES will work with your team to define objectives that show if an adversary can reach the most sensitive sections of your network.

CYDERES will even provide customization of proof of concept code for exploitation of discovered vulnerabilities in your environment.

Think your security controls are up to the task of keeping us out? CYDERES Red Team professionals regularly deploy custom malware specifically tailored to your environment to stress test your security tools and skip right past most AV/EDR solutions.

In an effort to align the assessment with real-world attacks, CYDERES Red Team Professionals will leverage known password leaks; perform brute force attacks, dictionary attacks, and hybrid password cracking; and phish users with MFA support.

Our Red Team professionals take real-world tactics a step further by exploiting discovered gaps in WiFi deployments, testing Enterprise security for exploitable vulnerabilities and deploying leave-behinds on insecure network drops.

Lastly, our Red Team as a Service comes with “packs” of penetration tests bundled in a timeframe that makes sense to your organization’s size and ability to remediate, whether that’s monthly, quarterly, or bi-annually.

Conducting more frequent vulnerability tests arms your organization to protect against malicious attackers, but testing too frequently can also bloat your spend before remediation efforts from the previous round are even accomplished.

With Red Team as a Service, you are getting industry-leading professionals working with you to understand your architecture, your goals, and your adversaries to develop a real-world plan of attack that works with you as you scale your organization.

Penetration testing is critical for all organizations – but too often companies waste money with “run-of-the-mill” testing that yields unhelpful reports from distant third-parties.

Red Team as a Service works alongside you to meet your objectives and grow securely.

Next Steps as Your Organization Grows

Red Team as a Service is a great way to get started with CYDERES services to find your vulnerabilities and discover next steps to improve the security posture of your organization. Once you are integrated into the CYDERES ecosystem, we will help you leverage additional services that make sense as you continue to scale your organization, all the way up to 24-7 Enterprise Managed Detection & Response.

If you are interested in learning more about Red Team as a Service, or any of the other services that CYDERES offers, fill out the form below, and we will connect you with one of our experts so that you can focus on your business while we handle your threats.


Real Solutions in 2020: A Cloud Architecture Analysis Case Study

Why has our first focus in 2020 been on real solutions? Because that is our constant focus. 2019 was a huge year of growth for us at Fishtech Group, and that was due, in part, to one very big reason: We ignored the hype that has become so common in our industry.

New solutions pop up all the time (especially during RSA season), competing for your attention, with flashy buzzwords to overcompensate for the fact that these solutions may not be as game-changing as they are promoted to be.

This is a constant challenge for many modern enterprises and makes it very difficult to know which direction to go when their singular focus is securing their business.

The good news? That’s our goal for you too. We don’t advocate for the flashiest solutions. We advocate for the solutions that have a track record of success. With industry experience that goes back to the 90s, we know a successful solution when we see one!

We are now on our third blog post in our series advocating for our focus on Real Solutions in 2020. Last week, we took a deeper dive on how CYDERES helped one of our clients address a growing alert-factory from a sprawl of disconnected tools, and gave them peace of mind while they navigated the turbulent waters of acquisitions and mergers.

This week, we’re looking at a recent client who needed help finding the cloud security gaps in a branch of their business and needed outside help to identify these gaps and recommend actionable solutions to help them move forward toward security maturity. Let’s look a bit deeper on some of the pain points they came to us with.

A Few Pain Points…

A few of the challenges this customer was looking to address included:

  • Needing to protect publicly accessible API services/SIEM.
  • Looking to add security/IT assistance for a new multinational branch that is in a surrounding area lacking talent.
  • Looking for a security architect to join their staff for projects requiring more than one full year.
  • Needing an overall assessment for further recommended actions to improve overall security architecture.

After reviewing the pain points of this particular customer, we began a program of cloud architecture analysis to identify what they were lacking, and what further recommendations we had to address their needs.

How Did We Get It Done?

Taking a listen-first approach, we were ready to spend as much time as necessary to understand the client’s needs and then to give an accurate assessment to the client. We had extensive conversations that clearly explained the process of delivery and execution for this project. We had two consultants involved with two weeks onsite, and a few weeks offsite as well.

This client was looking to hire a security professional to take overall ownership of their security program but currently had no dedicated security resources. Knowing this, we performed our assessment with solutions in mind for a business that is still in transition.

Once completed, the assessment included recommendations for a number of technology products to fill the identified gaps. This client has limited internal resources to deploy and support additional security technology. Therefore, they needed to look to external services for the operational aspects of security like monitoring, auditing, and incident response, which we informed them of.

On top of all of this, we had to make sure each of the technology products was sufficiently validated to work alongside their existing stack, and optimized to function as required. Our constant aim is to deliver the right solution, the first time – shelfware is never a good solution.

Real Solution: Cloud Services Architecture Analysis

All of this led to presenting this client with a custom roadmap to give them actionable steps they would need to take to reach their overall security goals and KPI objectives.

We don’t just look at addressing present issues. We supply a strategic plan for future actions as well as the potential risks the organization will face as it scales.

We know that improving organizational security is a journey. Like with any journey, a map is incredibly helpful. Our experts have experience with organizations across the maturity spectrum, and therefore serve as incredible guides for navigating the digital topography that lies in front of them.

Don’t know where to start? It can often feel overwhelming, but that’s what we’re here for.

If you are ready for your own cloud services architecture analysis to start your path to security maturity (and peace of mind!) in your organization, fill out the form below to get connected with one of our experts, and see for yourself how our Real Solutions in 2020 can help you grow your business in a real way.


Real Solutions in 2020: A CYDERES Case Study

Hype. A persuasive tool OVERUSED by industries of all persuasions. Just because something is talked about excessively doesn’t make it good, or right.

2020 has already been a particularly hyped up year with everything surrounding COVID-19. And that’s not even getting into the hype train in our own industry that chugs on in even the most uneventful of times.

Unfortunately, the field of cybersecurity solutions is RIFE with hype.

This makes life difficult for organizations looking to find the right solution set to elevate their cybersecurity maturity. Weathering the waves of hype that inevitably come year after year is a challenge, one that we seek to conquer to create trusted relationships with our customers.

Our constant focus: real solutions. What is working for our customers? Let’s double down on that. We’re continuing a blog series that aims to highlight real solutions that are working for our customers, and we’re continuing that with today’s focus on one solution that continues to deliver: CYDERES.

We recently worked with a small business client in the health care industry that saw real value with CYDERES and utilized their flagship offering: Enterprise Managed Detection & Response.

Let’s take a closer look at what this organization was facing, and what led to this decision.

A Couple Pain Points…

A couple of the challenges this customer was looking to address included:

  • A lack of visibility and understanding of their attack vectors/vulnerabilities, with no partner to help manage, monitor, and remediate.
  • A growing alert-factory from a sprawl of disconnected tools.
  • Fast growth through acquisitions and mergers that exacerbated these issues and concerns.

Furthermore, prior to this client’s engagement with Fishtech, they were unaware of the security issues of the companies with whom they were merging, so their potential for breach was magnified.

Challenges like these are not uncommon in the modern business landscape and are challenges that CYDERES is tailored for. For these specific pain points, it was a no-brainer that our Enterprise Managed Detection & Response was the way to go.

Going with this option allowed this client to have full visibility of their vulnerabilities with experts from the CYDERES team ready and able to help give them any additional information that gave them more insights into their current security situations.

What Are the Other Solution Offerings of CYDERES?

CYDERES has a full set of solutions that are set-up for organizations all over the security maturity spectrum. Let’s take a quick look at the list of the various solutions that CYDERES provides:

  • EMDR: Enterprise Managed Detection & Response
  • GSOC: Global Security Operations Center
  • CLOUD: Cloud Governance-as-a-Service
  • SIRT: Security Incident Response Team
  • THREAT: Red Team-as-a-Service
  • CH/ES: Chronicle Essentials

Having these options available allows businesses to have flexibility once they enter into the CYDERES ecosystem to add or subtract services as necessary to meet the exact needs of their organizations.

For a small business, seeing the value in scaling with 24-7 managed detection and response, put in place during the early days of growth, is a great strategy. Unfortunately, we encounter too many large organizations who failed to put solutions like this into place earlier and are suffering the consequences at a much larger scale.

The ripple effect of putting such a high value on securing intellectual property and customer data while still a small business will help this company put more resources into growing their business, instead of incurring the huge costs of recovering from a breach down the road.

In this particular case study, the client was already looking for help managing, monitoring, and remediating their threats. This was especially due to the rapid changes they were continuing to see with their acquisitions and mergers.

Having a third party to detect and remediate issues 24/7 gave them the peace of mind they were looking for as they focused their own resources on navigating their ever-changing organizational landscape. The ability to get real-time insight into their security issues, some of which were grandfathered in to their organization once they had been acquired, has been a huge benefit.

How Did We Get to the Right Solution the First Time?

We’re very aware that cybersecurity solutions are big decisions for organizations in every industry.

Any time potential clients are able, we invite them to come to our Cyber Defense Center in Kansas City to our state of the art SOC (or in these current times of coronavirus, have them take our virtual tour) and learn first-hand how potential security incidents are handled in real-time.

In this particular case, the client was brought in 6 months before the ink dried on the contract to see our facilities and talk with CYDERES professionals so that we could get a better idea of what their pain points were, and how we can help.

In learning about some of the specifics of this client’s environment, we made sure a roadmap was drawn out on what would happen when acquisitions took place, and how we would be able to engage with that change in a flexible way.

This is a huge reason CYDERES continues to win in the marketplace. We place a huge emphasis on scalability with a roadmap to maturity as the business grows.

In fact, we have found so much success with our initial implementation of EMDR for this client, that they have engaged us to start scoping a DevOps project for them as well. Talk about a Real Solution that keeps customers coming back for more.

Real Solution: CYDERES

Even without having read through this blog post, you may have heard us talk about CYDERES a time or two. We continue to highlight CYDERES on our blog because customers are not only coming to us to improve upon their current cybersecurity solutions, but as we just mentioned, they are actually EXPANDING their usage of the CYDERES solutions.

This has led to an incredibly strong second full year of operations with 1,214% year-over-year (YOY) growth in bookings and 960% YOY growth in gross profit. Those kinds of numbers don’t happen when a solution isn’t working.

So, let us make it work for YOU. This successful case study isn’t an isolated incident. We’re making CYDERES work for customers across the country, and we’re improving with each successful implementation.

If you’re interested in seeing real solutions with CYDERES, fill out the form below to talk with one of our professionals, so that you can start to truly focus on your business while we handle your threats.


2020: A Year of Hype. Our Year of Real Solutions.

Olympics. Elections. Super Bowl (Go Chiefs!). Viral outbreaks. Cyber-attacks. Make no mistake, the new decade is upon us with a year that will surely bring a ton of hype. The 24-hour media cycle pings around to each item with such great intensity that heads are turning back and forth as if we’re all looking at a global tennis match.

All of this can be incredibly distracting as our focus shifts to items that may not be applicable to our own personal goals and the goals of our organizations. What’s worse, it’s accompanied by that sinking feeling of missing something of ACTUAL importance to you and your organization.

Let’s commit together NOT to follow the hype. Moving your strategy this way and that according to the news of the day is not the way to run your business. In terms of cybersecurity strategy for organizations, we covered a similar idea in a recent blog post saying that the news cycle should not be your alert to put the proper practices into place to protect your business.

Through the turbulence of the modern business era, there are strategies that have held tried-and-true. This is why we are so adamant about our focus on being a data-driven cybersecurity solutions provider. We don’t advise on hype. We advise on real information.

This will be a huge focus for us to start this year. We want to double down on what’s actually working for our clients, and what proven methods got us there. In a year of hype, we want to flip the narrative and make 2020 a year of real solutions.

We have already been seeing huge wins operating in a data-driven way to provide real solutions for our customers that keep their businesses secure. CYDERES, our security-as-a-service division, has seen explosive growth over the last year of operations as more organizations have trusted in our approach to managed security.

We have been expanding into new areas across the country to better service our growing customer base, including announcing a new Cyber Defense Center in Northwest Arkansas. We have continued to expand on trusted partnerships that have allowed us to better serve the organizations we are protecting every day.

Let us be clear… we’re just getting started. We’re not keeping our solutions a secret. We’ve seen what works for our customers, and we’re ready to implement these solutions for your organization so you don’t have to worry about what the news says you should worry about. You can trust our experts to get it right, because we have been getting it right with solutions backed by real data, regardless of what’s getting hyped.

Over the next month, we’ll be highlighting some of the real solutions we have implemented, talking to our experts on how they’re finding the right solution the first time for our customers, and lastly we’ll be taking deep dives into customer case studies to let you see for yourself how our solutions are working first-hand. Stay tuned!

It’s time to get off the hype train. At Fishtech Group, 2020 is a year of real solutions.


The History of Haystax: Protecting the Super Bowl

When the Kansas City Chiefs and San Francisco 49ers face off against each other at Super Bowl LIV next Sunday, all eyes will NOT be on the field.

In secure command centers, field outposts, aircraft, vehicles and on foot, hundreds of security professionals will be diligently watching for any sign of threats on Game Day, augmented by thousands of cameras and sensors to detect everything from chemical and biological agents to conventional explosives and suspicious activity.

The security teams deployed inside Miami’s Hard Rock Stadium and in the surrounding area will consist of law enforcement and emergency personnel from the host city and surrounding municipalities, as well as regional and state government agency officials and personnel from federal government agencies such as the Department of Homeland Security and certain ‘three-letter’ agencies of the U.S. intelligence community. After all, the Super Bowl is routinely designated as a National Special Security Event (NSSE) due to its attractiveness as a terrorist target.

Nor is this a one-afternoon event. The Super Bowl is in reality a week-long affair, chock full of VIP parties, fan fests and of course the multi-day Super Bowl Experience, which kicked off on January 25th.

We’re proud that our colleagues at Haystax have been entrusted with security monitoring at eight of the last 11 Super Bowls. In each case, Haystax augmented its off-the-shelf analytics software platform by assembling a team of in-house specialists who uploaded data and photos on critical assets within the Super Bowl perimeter, assessed key buildings for likely threats and potential vulnerabilities, entered data on hundreds of scheduled events, established channels to monitor digital media feeds, deployed mobile field reporting apps and much more — all of the data precisely geo-located on digital maps for enhanced domain awareness.

Here are some examples of prior Haystax Super Bowl deployments:

Super Bowl LI

In 2017 in Houston, Haystax helped security teams and first responders maintain complete situational awareness and get ahead of their most serious threats. Using advanced analytics, the Haystax team looked for behavioral patterns that might indicate an attack. Data sources included chatter on a ‘dark web’ site, stolen vehicle data and suspicious activity reports. Each of these data points represented risk indicators, and bringing those pieces together into a single analytic environment enabled security decision-makers to get a better grip on whether the likelihood of a terrorist attack was going up or down.

Super Bowl 50

In the San Francisco Bay Area during the 2016 Super Bowl, the Haystax team pulled in data from a number of sources, including police and fire dispatches, weather reports, maps, news agency articles, social media activity and video camera feeds. Finely tuned algorithms then processed the huge amounts of collected sensor data, which was studied in real-time by analysts to deliver critical information in the form of actionable intelligence alerts to the event’s key security decision-makers.

Super Bowl XLVIII

The 2014 Super Bowl and more than 200 related events in the preceding week spanned police jurisdictions in two states (New Jersey and New York), several counties and multiple cities, and of course several federal agencies as well. The Haystax system made headlines for its crucial role in identifying a potential biological incident that turned out to be harmless white powder, averting major disruption to key events.

Super Bowl XLVII

During the infamous power blackout that occurred in the middle of the 2013 game, Haystax software in the New Orleans Emergency Operations Center discovered Twitter postings referring to ‘power outages’ at the venue, BEFORE the actual outage occurred. All related suspicious traffic and information was forwarded to an FBI representative at the EOC, who quickly determined the threat was not credible or even linked to the actual blackout. As a result, the game could proceed without any major fan disruptions once power was restored.

According to an intelligence director at Super Bowl 50, “Having the ability to use Haystax applications — where you can literally take a quick note or a snapshot and say this is the situation here right now — clears up those radio channels and allows people to feel more freely about reporting things that they may otherwise not have reported until things escalate.”

Nor does Haystax limit itself to championship sporting events. In the past we additionally have managed security awareness for other NSSE events like the 2015 U.S. visit of Pope Francis, as well as national political conventions and high profile gatherings like the Oscars and the Indy 500.

#   #   #

Note: Want to read a play-by-play account of an earlier Haystax Super Bowl deployment? Download this free white paper on how we secured Super Bowl XLVI in Indianapolis.


CYDERES Tracks 1214% Growth and Hires Chris Currin as CBDO

FOR IMMEDIATE RELEASE

Contact: Jennie Hanna, jennie.hanna@fishtech.group 

Fishtech Group’s Security-as-a-Service division is its fastest-growing area

Kansas City, MO (Jan. 21, 2020) — CYDERES, the Security-as-a-Service division of Fishtech Group, has capped an incredibly strong second full year of operations with 1,214% year-over-year (YOY) growth in bookings and 960% YOY growth in gross profit.

CYDERES provides the people, process, and technology to help organizations manage cybersecurity risks, detect threats, and respond to security incidents in real time. CYDERES solutions include Managed Detection and Response (MDR), Security Operations Center as a Service, Cloud Security as a Service, Red Team as a Service, and Security Incident Response services.

On track to triple its year-over-year business growth in 2020, CYDERES has hired security industry veteran Chris Currin as Chief Business Development Officer. Currin is focused on helping CYDERES achieve its growth objectives and helping lead its go-to-market initiatives.

Key growth statistics for CYDERES point to a solution that is resonating with clients of all sizes, from small and midsized businesses to multiple Fortune 500 and FTSE 100 organizations:

  • 212% achievement of CYDERES 2019 bookings plan
  • 220% net revenue retention rate with zero “churn”

“We’re exceptionally proud of our results to date and even more excited about the growth to come,” said Eric Foster, President of CYDERES. “We know customers deserve a managed security service provider that delivers a legendary service at a fair price, and we’re honored that so many organizations trust Fishtech Group and CYDERES to be their provider. We look forward to helping transform the security industry with the help of our industry-leading security solution partners.”

Technology partners integrated into the CYDERES Cyber Defense Platform and delivered in its Security-as-a-Service model include: Google’s Chronicle global security telemetry platform; Corelight and Perch Security for network traffic analysis; deception solutions from Thinkst and Illusive Networks; phishing defense solutions from Cofense, Mimecast and Proofpoint; vulnerability management solutions from Qualys, Tenable and Kenna Security; and managed Endpoint Detection and Response (EDR) solutions for every major endpoint platform including Carbon Black, Crowdstrike, Cylance, LimaCharlie, Microsoft Defender ATP, SentinelOne, and Tanium.  Integrated solutions for the CYDERES Cloud security service include Disrupt:Ops and Palo Alto Prisma Cloud.

In September, CYDERES was named as #25 in the Top 200 MSSPs list for 2019 by MSSP Alert, published by After Nines Inc. The list honors the top 200 managed security services providers (MSSPs) that specialize in comprehensive, outsourced cybersecurity services.

About Fishtech Group
Fishtech Group is the leading current-generation service provider enabling secure business transformation. Our experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. We focus on threats so you can focus on your business. Founded and led by CEO Gary Fish, Fishtech Group includes the Security-as-a-Service division CYDERES and the security analytics firm Haystax of McLean, VA. Fishtech venture partners include Perch Security of Tampa, FL, and Foresite of Overland Park, KS. Visit https://fishtech.group/ or contact us at info@fishtech.group.


On State Actors and Cyber Readiness

Update 12/16/20: Although this article was written in January, the advice herein has continued to resonate as we continue to tackle the many challenges of this year. The recent news of advanced cyber attacks has prompted many to investigate their overall cyber readiness or lack thereof, a very worthwhile exercise. Don’t go it alone – leverage Fishtech’s industry pioneer expertise, decades of experience, and what’s actually working in our customers’ environments to mature your security program and scale your business instead of being consumed fighting its threats.

For better or worse, the world of cybersecurity is increasingly intertwined with the current events of the day. As cyber criminals continue to evolve in the digital era, we will continue to see an increase in the frequency and sophistication of cyber-attacks.

In the last five years alone, there has been a 67% increase in security breaches, with a growing portion of these breaches coming from state actors. Of course, this is why we at Fishtech are so passionate about what we do. The genuinely painstaking but necessary work of cyber experts grows continuously larger in global importance every single day.

In light of several recent international incidents, most notably the recent military action in Iran, we have seen a flood of articles detailing serious cyber-attacks that will be coming our way from various state actors. We’ve received several specific questions about what to do about the potential escalation in cyber conflict.

The news cycle should not be your alert to put the proper practices into place to protect your business.

If it is, that doesn’t make you a bad business owner. At least you care enough to worry about your organization’s security maturity at all! The only thing is, these attacks aren’t new. Many state sponsored actors are operating at various levels of sophistication and have been orchestrating cyber-attacks for years.

While particular threats may be more severe than others, cyber readiness demands constant vigilance. The 24-hour news cycle will ebb and flow with reports of what could be the beginning of an even greater level of intense cyber warfare with devastating effects. Vigilance is key, and it shouldn’t similarly ebb and flow but rather remain constant.

To analyze further, let’s look at some historical context: As Digital Shadows’ Rick Holland recalls, in October 2012, roughly two months after the Saudi Aramco Shamoon wiper attack, then-Secretary of Defense Leon Panetta gave a now-famous speech where he warned about the potential for a “cyber Pearl Harbor.” Do we have a historical reference for an actual “cyber Pearl Harbor”? Not exactly.

At the same time, we have been monitoring fresh intelligence that SOCs have been experiencing an escalation in spear phishing, scans against companies targeting VPN vulnerabilities, and a myriad of other attack vectors in late 2019 / early 2020.

This isn’t reserved for a single state actor, but multiple at various levels of sophistication. Don’t read this wrong, there have been some clear retaliatory attacks after incidents occur, but nothing so unusual to suggest a “new” devastating cyber weapon has emerged on the scene.

All that being said, no matter your stance on the will-they won’t-they chatter, the threat risks you are experiencing are still greater than zero. Questions around availability, cloud security, and other potential vulnerabilities are very legitimate.

Therefore, the leader who is rightfully concerned about risk (continuously analyzing combinations of threat likelihood, vulnerability, and consequence) needs to be fully prepared for very unique situations and take preventive steps where possible.

So, what’s next?

Our constant focus: helping our clients build out and maintain a set of best practices for the modern enterprise. Whether it’s state actors or individual attackers, the fundamentals of modern cybersecurity still apply.

For example, as Gartner has clearly stated for years, robust detection and response capabilities are at the top of the list. Organizations of all sizes need to make sure the people, process, and technology are in place to respond to any potential attacks. With talent in short supply, and the costs of building an in-house SOC increasing, finding efficient ways to detect, respond, and even proactively threat hunt around the clock can be very difficult.

In addition to fundamentals, we recommend regular penetration testing, vulnerability management, and making sure you have a cyber readiness plan and team in place equipped to deal with every aspect of a security incident, because every second counts.

All of this can help build out a more mature cybersecurity posture moving forward and is not dependent on a single state actor or malicious insider.

Truthfully, you most likely didn’t start your business to be distracted by cyber threats. Out of necessity, many enterprises are having to use more and more resources to keep themselves afloat in this ever-swirling sea of risk.

We believe organizations should be able to spend that precious time and resource doing what they do best however possible. Whether it’s building better automobiles, saving the planet, scaling restaurant franchises, or caring for patients – we want to help.

Fishtech was built from the ground up to alleviate these worries for modern day organizations.

Your focus should be on what you do best: growing your business and running your organization to perform at its peak no matter what the news cycle.

These threats aren’t going away – recall the 67% of security breaches in the last five years. One way or another, a solution needs to be found. Are you in this alone? Or are you ready to work with experts that can make sense of the chaos and use real data with your unique business situation to inform an overarching, scalable, and mature cybersecurity program?

If you are interested in learning more about helping your organization take its cyber readiness to the next level, fill out the form below to get connected with one of our expert consultants.


Haystax Use Case Summary #1

There are a few insider threat incidents that have reached infamy in the United States of America, and the individuals that have carried these incidents out have become household names. Looking back on these events, many professionals have asked if there was something that could have been done to recognize some of the warning signs of these individuals to nip these attacks in the bud.

Our colleagues at Haystax, a wholly-owned subsidiary of Fishtech Group, have been focusing on a couple of these infamous actors, asking the question – if they had tried to pull off a similar attack today, would their behavior stand out to security analysts? Using Haystax’s security analytics platform, they believe the answer is, yes!

In a new ‘use case’ blog series, a few of the professionals at Haystax will focus on four total infamous insider threat incidents. The first two use cases that Haystax have put out focus on Edward Snowden, who leaked classified government documents back in 2013, and Ana Montes, who was arrested on suspicion of spying for the Cuban government in 2001 after a years-long internal mole-hunt and was eventually convicted.

Finding Edward Snowden: A Haystax Use Case

With recent focus shifting back toward Edward Snowden due to increased press around his new book, it was worth looking back at this particular incident, especially given that it happened so recently relative to other cases, such as that of Ana Montes.

Haystax asserts that using their analytics platform, it would have been possible to detect and intervene on Edward Snowden’s plan to leak classified information and flee the country.

The Haystax analytics platform combines more traditional machine learning and similar data-driven techniques with a probabilistic model that ingests data as evidence and extrapolates future outcomes from it. In this particular case, a risk score would be produced in the system that would allow Snowden’s adverse behavior to be recognized all the way back in 2007, giving adequate time to intervene before his eventual flight to Hong Kong in 2013.

The most significant obstacle to finding Edward Snowden was the lack of a system of processes and technologies that focused on person-risk, analyzing multiple information sources the way an analyst would. Haystax breaks down each of the various critical events that would today raise flags using their technology from 2007 to 2013.

Check out the full use case here.

Finding Ana Montes: A Haystax Use Case

For those who don’t recall, Ana Montes was a spy. She joined the U.S. Defense Intelligence Agency (DIA) in September 1985 and was eventually promoted to senior analyst, only to be arrested in her office on September 21, 2001 on suspicion of spying for the Cuban government after a years-long internal mole-hunt, and eventually convicted.

In their second use case, Haystax asks another simple question: using the technology of today, would Montes, in the years between her hiring in 1985 and her eventual arrest, have been recognized as showing behavioral riskiness, enabling DIA security analysts to receive alerts in context and surfacing incidents that otherwise wouldn’t seem concerning?

Using the Haystax for Insider Threat Solution, our colleagues believe that they would have captured all the normal indicators that alert DIA analysts, but would have additionally given top analysts and investigators (with the appropriate permissions) the ability to capture more qualitative events like those that eventually led to Montes’ arrest. Using this solution, they would be able to feed them back as structured data into the probabilistic model that underlies the Haystax analytics platform, leading to an earlier detection and arrest.

Check out the full use case here.

More Haystax Use Cases to Come

These two Haystax use cases are just the tip of the iceberg. Stay tuned to the Haystax website for more use cases coming soon.

Note: Want to conduct a risk assessment to find your hidden insider threats, regardless of whether their intent is malicious or whether they are unwitting or negligent actors? Contact a Haystax rep or click here to find out how.


The Talent Factors for Why You Shouldn’t Build a SOC In-House

In a couple of recent blog posts, we have been focusing on the reasons why organizations are finding it more difficult than ever to justify building a SOC (Security Operations Center) in-house. Though the alternative of using an MSSP (Managed Security Service Provider) can be a frustrating experience, there are very few organizations that can defend building a SOC in-house.

To help bridge the gap between these two solutions, and to provide a good alternative to an in-house SOC, we wanted to build an operation that is different from other MSSP offerings and effectively do away with all of the negative connotations that come with the territory. That solution is CYDERES, our 24/7 human-led and machine-driven security-as-a-service.

We understand a lot of organizations have invested a lot into building their own SOC, but that there can be many issues that arise as they try to keep up with day-to-day operations for their security teams, while also continuing to lead and focus on the core aspects of their businesses. With CYDERES we can help reduce the headache of any organization looking to start transitioning to fully-managed security.

We previously looked at some of the cost factors that make building an in-house SOC difficult. Today, we’re going to look at another challenge that can present itself when building a SOC in-house, and how CYDERES can be an effective alternative. In this post, we will be looking at why talent is a huge factor as to why organizations struggle to build a SOC in-house.

Talent is Hard to Find

There is a shortage of talent in the field of cybersecurity. This causes problems for organizations trying to build out their cybersecurity programs within their company. By 2021, experts predict we’ll see 3 million open cybersecurity positions worldwide, with at least one quarter of those unfilled jobs in the U.S. alone. That’s more than triple the shortfall that existed just two years ago. Let’s keep that statistic in mind as we look to our first point.

It takes a small army to run a Security Operations Center effectively.

At minimum you will need a staff of 16, if not more, according to our experts at CYDERES. You want to make sure every shift will be covered, and that you have enough staff to fill in when your team gets sick or goes on vacation. If every organization wanted to build a SOC in-house, how would they fill all of the necessary positions when there is already a severe talent drought?

Furthermore, with current professionals in high demand, a lot of the best talent in the field is getting snagged by organizations whose core focus is on security, and not operating a SOC on the side. This creates another impediment to anyone trying to build a SOC in-house.

At this point, some of you may be feeling like we’re writing about your exact situation, while others may already have a full team ready to go, and may be under the impression that they have beaten the illustrious ‘talent shortage’. Well, many organizations may have a crack team on the payroll today, but what happens when someone moves on, or retires? There may be a significant gap in your team as you try to lure another professional who is just as qualified as the person who just left. The talent shortage has far-reaching ramifications, even beyond the immediate future.

The ‘Talent’ to Look Ahead

Cybersecurity is a relatively new field. We are just now exploring what the capabilities and possibilities of this field are. Threats and solutions are continuing to evolve every day, and the security threats of today are not the security threats of tomorrow. This means that security teams need to be constantly devoting some of their resources to learning and looking at what’s on the horizon.

Unfortunately, because a lot of teams are facing a talent shortage, they don’t have enough people to move beyond putting out fires every day. Therefore, a lot of administrators are just focusing on what’s going on today, and aren’t looking forward. This can create huge problems for organizations in the long-term.

It’s vital for the current generation of business leaders to continually look for next generation solutions so that they are prepared for tomorrow’s threats today. In-house resources may not be enough to achieve this goal. Your current team may work for your current needs, but transitioning to a fully managed security-as-a-service provider will allow you to start looking ahead without straining the staff you already have on the payroll.

Using CYDERES Over an In-House SOC

With CYDERES, we can make many of the issues listed above obsolete for your organization, either through augmenting your current SOC, or by gradually transitioning your in-house solution to our fully-managed security-as-a-service offering.

We have put significant focus on attracting and retaining the best talent in the business. We have invested in our facilities to give our professionals a world-class space to operate in, and built the foundation of an awesome team that is the best advertisement we could ask for to attract other professionals of their caliber.

We have dedicated teams for specialized threats, both for the threats of today, and the threats of tomorrow, which brings a lot of value to our customers. We have also created a structure that allows us to adapt to your needs. Maybe you already have a couple of experts that know a lot about your business. We can work to augment the work of folks that are already ingrained into your corporate structure to allow you to get the best solution for your particular needs.

The best part: in working with CYDERES, you can redeploy your resources elsewhere so you can focus on your business… We’ll handle your threats.

If you are interested in talking with our CYDERES professionals to see how we can help create a better way forward for your organization, fill out the form below, and we will be in touch soon.


7 Soft Skills You Need for a Cybersecurity Career

Success in the cybersecurity industry depends in great part on people skills. What we commonly call ‘soft skills’ are those aptitudes and traits that are difficult to measure and quantify. In fact, according to LinkedIn’s 2020 Emerging Jobs Report, skills like communication, creativity, and collaboration are virtually impossible to automate, making the candidate who possesses these skills all the more valuable.

Soft skills are hard to measure but not necessarily hard to acquire. They can be practiced and flexed just like other more scholarly or technical endeavors. And they may be even more important in years to come as automation becomes more widespread.

But what are the most important people skills for someone considering a career in cybersecurity? What helps a young person thrive in this competitive, super-hot industry? We asked some folks here at Fishtech who regularly meet with students and here’s what they said.

Communication

You absolutely must be able to speak with customers and colleagues, to explain situations, and potential remedies and next steps. Good communication skills are huge, especially in crisis situations. Both verbal and written skills are important because after the dust settles, you’ll be updating a customer log with the critical details. Bottom line: you need to be able to solve a technical issue and explain it to a customer.

Continual learner

Do you self-identify as a problem solver? If you’re always looking for a better way to do things, you’re a continual learner. Set goals for yourself, your career, and your work to level up and stand out.

Passion

Show us what you really love. Document your projects — be that what you’re doing in school, at home, on a volunteer basis, wherever. Blog about your projects; believe it or not, these passion projects may be more important than your resume. Start a portfolio to show your passion and your growth.

Humility

Many technical people are, let’s face it, used to being the smartest person in the room. A little humility goes a long way when working with your teammates and clients. A raging attitude really stinks, especially when you’re coding or working hard and fast on a breach. Respect others’ opinions as well as the quantifiable facts and work to be a valued member of the squad.

Tenacity

Invest in hard work — and yourself. Put in the time and enjoy the work. You can compensate for almost all of your weaknesses with hard work and dedication.

Curiosity

Feed your curiosity. Whatever you’re interested in, look it up. If you’re passionate about it, find the resources to learn more.

Self-confidence

Every single person has something to offer — an ability and skill that others don’t have. Make good use of self-confidence. Believe in yourself and make sure others know it. Confidence is contagious.