How About This? Only Attack the Endpoints We Configured

How are threat actors getting around EDR? Every solution available will show how well it does in benchmarks, but does that match real-world situations? Is there something wrong with the tech, or does this come down to organizational issues?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Russell Spitler, co-founder and CEO, Nudge Security, and also winner of season 2 of our show, Capture the CISO.

The Gordian knot of EDR

EDR (Endpoint Detection and Response) effectiveness in the real world remains challenging. While EDR solutions often perform well in synthetic tests, actual breaches still occur because of frustrating issues like improper installation, configuration mistakes, or attackers disabling the agent. Those pesky humans will always make security in an environment challenging, and EDR is no exception. These weaknesses mean EDR needs not just comprehensive deployment but also effective management across all systems. EDR is a valuable tool but not a silver bullet.

Can we keep up with patching?

The Verizon DBIR report indicates that many vulnerabilities remain unpatched for extended periods, with a significant percentage unaddressed even after a year. Despite existing tools and programs aimed at prioritizing and patching these vulnerabilities, the reality is that organizations must contend with complex change management processes and a daunting volume of custom applications and systems. Vulnerability management should shift from being seen as a cybersecurity problem to a development problem. The CISO should still govern this process, but we shouldn’t overemphasize prioritization. The current focus on prioritization might be less efficient than simply addressing vulnerabilities promptly and systematically within the development pipeline.

Making AI practical

It’s easy to be exhausted by the hype around AI these days. While AI models hold a lot of promise, from a security perspective the challenge is the same as with any other tool: we don’t want it to leak sensitive data, and we need to monitor usage in a business context. Managing AI in the workplace is a practical challenge that needs less hype and more visibility. The reality is that employees will always use work machines for a mix of personal and business reasons, and organizations need to account for this from the start. We saw how SaaS produced Shadow IT. Organizations need to apply those lessons to this new breed of tooling.

Standardization or granularity?

Many organizations opted into proprietary data systems when they moved to the cloud. But is that now putting our cybersecurity mission at risk? Proprietary logging made sense in pre-cloud days, but as Barrett Lyon in Dark Reading pointed out, the times have changed. Standardizing log data across different systems is challenging because the data describes different types of events. While data lakes aim to consolidate and normalize this data, complete standardization is unrealistic due to the varying nature of that data. On top of that, standardization often leads to a loss of granularity, which is critical for effective analysis. Distributed analysis and using models to filter out normal traffic at the edge allow for reducing the data volume sent upstream and let teams focus on anomalies.

Listen to the full episode over on our blog, where you can read the entire transcript, or in your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now. Thanks to ThreatLocker.

Listen to the episode.

Huge thanks to our sponsor, ThreatLocker


Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.


Ten-second security tip…

"So, I always recommend… and this is for friends and family… to use a two-tiered banking system, as they call it. A checking account and then where you keep all your savings. And the reason for that is, as you think about interacting with the world, writing checks, using debit cards, you want to limit how much you could lose if you do fall prey to a skimmer or somebody stealing your checkbook. And so you always want to keep those separate and make sure money can’t automatically move between them." - Russell Spitler, CEO and co-founder, Nudge Security


How AI Is Making Data Security Possible…

"I think that AI as the tool is absolutely something that we can build upon. But as you look at it to increase its efficiency across the business, it also perpetuates the data sprawl. It creates its own set of data as well. So, there are new policies and new practices and new ways to classify that the traditional systems just don't even incorporate." - Lamont Orange, CISO, Cyera

Listen to the full episode of "How AI Is Making Data Security Possible."


Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday


Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be James B., CISO, Tampa General Hospital. Thanks to Prelude.

Thanks to our Cyber Security Headlines sponsor, Prelude


The Transformative Power of AI in Data Security with Cyera

Sponsored video

We dive into the critical role of AI in revolutionizing data security through enhanced data discovery and classification. AI brings several challenges and opportunities to the table, offering robust solutions for managing modern data environments and uncovering hidden sensitive information, according to Lamont Orange, CISO, Cyera. Learn how AI enables businesses to confidently secure their data without needing unlimited resources.

Watch the video.

Thanks to our sponsor, Cyera


Join us, Friday [07-12-24], for "Hacking the Materiality of a Data Breach"

Join us Friday, July 12, 2024, for “Hacking the Materiality of a Data Breach: An hour of critical thinking about when a breach is material or not.”

It all begins at 1 PM ET/10 AM PT on Friday, July 12, 2024, with guests Jason Clark, Chief Strategy Officer, Cyera, and Dustin Wilcox, VP and CISO, Elevance Health. We'll have a fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, Cyera


Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.



Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security Professional | Cybersecurity | Leveraging Data Science & Analytics. My posts and comments are my personal views and perspectives but not those of my employer.

4 months

David Spark, thanks for discussing an interesting topic and good points. IMO, the cybersecurity industry is unfairly putting a burden on companies. The companies have to wrestle with a growing backlog of daily vulnerabilities and the headache of prioritizing the patching of some of them. In the meantime, the software vendors, including Cloud/SaaS, keep delivering products or services with vulnerabilities, and there are no clear metrics that these vendors are improving the quality or focusing on better security in their products. The famous “shared responsibility” that is commonly heard in the Cloud should be even more applicable across the entire ecosystem. Secure software = Less vulnerability

Mustafa Hodzic

Resource Security / SASE / ZTNA / NIST 800-207 / Channel Partner

4 months

Big fan of the What's Worse?! scenario today. Great discussion.
