It’s Time for Security Uncompromised

Helping Organizations Reclaim the Cyber Advantage—Without Compromise

“Why is cybersecurity so hot right now?”

This is the question we got from a reporter a few weeks ago for a story about the spike in investment activity for growing cybersecurity companies. In May, Darktrace was the first company in the network detection and response segment to IPO. Just a few short weeks later, ExtraHop announced its intent to be acquired by Bain Capital Private Equity and Crosspoint Capital Partners for $900 million. In July alone, cybersecurity start-ups RiskIQ, Skout, Avast, Bayshore Networks, and Cybereason announced investments or acquisitions.

So why are there so many investment dollars pouring into cybersecurity? Because over the last twelve months, the threat has become too big—and too prevalent—to ignore.

A Confluence of Events

In the wake of cyberattacks like SUNBURST, Kaseya, and Colonial Pipeline, cybersecurity has risen to the forefront of people’s consciousness like never before. In particular, Colonial Pipeline proved to be that tangible moment where cyber suddenly collided with real life, shutting down Americans’ ability to get to work, to take their kids to school, to go away for the weekend. There is something uniquely terrifying to Americans about a gas shortage. The attack hit the American psyche in a way cyber never has before.

We’ve reached an inflection point in cybersecurity as multiple factors converge to raise both awareness and urgency. Advanced attacks are on the rise as cybercriminals adopt nation-state tactics and cyberespionage is privatized. Cyberattackers’ motivations are expanding as well. While it was once enough to encrypt data and demand a ransom, the very same attackers are now looking to compromise the software supply chain to amplify the impact of their efforts.

As these attacks make their way into mainstream headlines—and into conversation at summer BBQs—business leaders are becoming increasingly sensitive to the need to take decisive action. And they aren’t alone. Over the past six months, the Biden administration has taken a hard stance on cyberattacks, issuing sanctions against Russia, calling out China for its attacks on Microsoft, and declaring ransomware a terrorist threat.

As the sense of urgency increases by the day, so does the need for companies to innovate and establish competitive advantage. So once again, the stakes are raised for CISOs: How do you defend against increasingly advanced threats without compromising on the scale, speed, and agility your organization needs to stay competitive?

Reclaim the Advantage

In early 2021, we had the opportunity to talk to one of our customer CISOs. During our conversation, he said something that stopped us cold: “Security is a state of being. Defense is what you do in pursuit of it.”

Those two simple sentences were a perfect articulation of the challenge that security leaders and practitioners everywhere face. They are asked to provide security. What they really offer is defense. And they need the right tools, the right weapons, to reclaim the upper hand in a battle where the other side has little to lose and everything to gain.

At ExtraHop, we have long been on a mission to do exactly that: give the good guys back the advantage with visibility, detection, and response at the speed and scale of modern digital business. Our dynamic cyber defense platform, Reveal(x) 360, combines the power of cloud-scale AI with months of lookback to help SecOps detect advanced threats in real time and understand the history of the attack. Our line-rate decryption capabilities help teams detect and investigate even the most sophisticated attacks that lurk within encrypted traffic.

So back to that most elemental question for CISOs: How do you defend your business without compromising its potential?

We don’t think you should have to compromise.

Security Uncompromised

Today, we are proud to announce a new awareness and education initiative that is all about helping security and business leaders reclaim the upper hand against advanced (and advancing) cyberthreats.

Security Uncompromised is a brand initiative that demonstrates our leadership in network detection and response—leadership born of exceptional product innovation, incredible customer service, and a relentless drive to advance the state of the art of cybersecurity.

It’s also authentic to who we are—a company that takes the needs of its customers seriously, without taking itself too seriously. Fear, uncertainty, and doubt have never been part of who we are, or how we talk about ourselves. We have always strived to rise above that noise with relatability and humor.

Most importantly, Security Uncompromised is, at its core, about hope. It’s about having the ability both to protect your business and move it forward with confidence. It’s about having security and agility, security and scale, security and seamless user experience. It’s about the fact that cyberattackers have the advantage—and it’s about time that we come together to take it back.

SANS on Defining and Measuring Cybersecurity Visibility

Security visibility is a lot like modern art—it varies from critic to critic, and while it’s difficult to define, most people (and security experts) know it when they see it.

But what about when you don’t see it? After all, visibility can be amorphous and challenging, subject to the time-honored truism: You don’t know what you don’t know. That’s why leading organizations are working to define and measure visibility. Through that effort, these organizations are showing that the best way to defend your company is to have a full picture of it, warts and all.

SANS has produced a new white paper that digs into how to define and measure visibility, and why every organization should take steps to establish a strategy.
Uncovering the Gaps in Your Visibility Road Map

Understanding the concept of visibility may seem simple enough, but it’s quite subjective.

When we think of cybersecurity visibility, it’s traditionally around devices, applications, endpoints, and networks. Survey data backs this up. The lack of visibility into what data is being processed in the infrastructure, and where, is one of the most common gaps respondents reported in the 2020 SANS Network Visibility and Threat Detection Survey. But that’s far from the only discrepancy.

Visibility often specifically calls to mind technology like devices, applications, endpoints, and networks. Frank Kim, Fellow and lead for both the SANS Cybersecurity Leadership and SANS Cloud Security curricula, explains that “we also need visibility into users (identity, access, risk profile) and key business processes (M&A, entry to new markets) as well as technology processes (DevSecOps).”

If companies are to avoid falling prey to the next major cybersecurity event, they must break out from their silos with a cohesive, interdisciplinary plan that anticipates future threats. Perhaps the largest vulnerability is the mindset that “it’s not my job.” This is where the human factor must be addressed: Your visibility strategy will touch your whole team. Two guiding points can help you: first, understand your top human risks; second, understand your organization’s ability to manage (and reduce) those risks.

Why Organizations Must Look Forward

Hindsight is 20/20, but it only gets companies as far as they’ve come. There’s something to be said for the ability to look back after an incident and analyze what failed. However, that alone is not enough to anticipate future dangers and targets. You need a forward-looking strategy to get ahead.

For example, early visibility might have indicated that SolarWinds was a probable target for attackers. It had a high market share and heavy adoption, and was installed on sensitive internal networks. Armed with that early visibility, rather than relying solely on past experiences, enterprises could have moved proactively to profile behaviors and monitor suspicious activity. Instead, SolarWinds became the largest and most sophisticated incident in history.

Organizations need to know the potential weaknesses that exist in their infrastructure today so they can address them.

Knowing It and Seeing It

We know that organizations with a strong visibility strategy—i.e., one that works in sync with their security profile—are in a good situation to assess where to make investments to improve and be proactive.

One key component here is the ability to visualize what’s happening in real time. That’s where dashboards can be excellent tools for gaining actionable insights. While the concept has been around for a few years, dashboards are still an incredible way to track, analyze, and report on metrics and indicators, and to share that information with stakeholders. An example is tracking the ratio of devices on the network that are fully patched and up to date.

Taking this one step further, use of advanced analysis and machine learning can identify threats so organizations can neutralize them before they cause damage. This forward-looking practice is critical to avoid the devastating costs—both financial and reputational—that come from a breach.

With a solid visibility strategy and the right tools in place, you can begin to uncover success patterns and achieve a cybersecurity masterpiece.

Learn more by downloading the SANS white paper, Making Visibility Definable and Measurable.