
How to Prepare for the Cybersecurity Challenges of Today…and Tomorrow

In this panel discussion from BTEX 2022, experts discuss how zero-trust network architecture and artificial intelligence are helping to tackle some of the biggest cybersecurity challenges.


Speaking at a cybersecurity panel at CDW Canada’s 2022 Business Technology Expo, Douglas Jose Pereira dos Santos, Senior Manager Advanced Threat Intelligence at Fortinet, says that blending a zero-trust network architecture in with a security fabric is crucial.

“It is so important because attackers are evolving quicker than ever. The time it takes for mass exploitation of specific vulnerabilities is shortening. They’re really quick to get those exploits, or even develop new exploits out of a specific vulnerability and start mass exploiting using botnets and compromised computers. There’s less and less time for us to react when something happens, so making sure that we have the specific controls that we need to respond at every level where we need them is paramount to stopping those threats.”

Sameh Younis, Sr. Cloud Solutions Architect, Microsoft Canada, highlights the importance of cloud security posture management. “Organizations need to report on the current state of their security posture across the entire digital state of the organization, as well as being in a position to improve their security posture by providing discoverability, visibility, guidance and establishing controls.”

Microsoft is also focused on multicloud security posture, as well as workload protection. “We’re not just focusing on Azure, but on premises, AWS and Google. Any organizational workload, no matter where it runs, should be under the umbrella of being evaluated from a security posture perspective, as well as being protected from a workload perspective.”

“I think this all comes down to how we’re growing as a security culture,” says Ivo Wiens, Senior Manager, Security Solutions Architecture at CDW Canada. “It used to be that you really needed to spend a lot of time on the complicated parts of security, and very little time enabling the user to be secure. By letting people worry about the complicated networking side of things, we can actually start focusing on how to enable users to be secure on a day-to-day basis.”

Why zero-trust should be a key part of your cybersecurity strategy

“Customers are very interested in this idea of zero-trust,” says Kevin Ellsworth, Manager of Security Architecture for Western Canada at CDW. “The ‘trust no one’ aspect of your business, with the X-Files theme playing in the background.”

“We believe zero-trust should extend throughout the entire digital state and serve as an integrated security philosophy and end-to-end strategy,” says Microsoft’s Sameh Younis. “Lots of people might have misconceptions that zero-trust is more about identity, but actually, zero-trust extends through the whole digital state and covers a number of pillars, embraces the mobile workforce, protects people, devices, applications, data, wherever they are located.”

“Zero-trust is for us a holistic view of security, and that’s a paradigm shift from how it used to be before. Before, the thinking was that anything behind corporate firewalls is safe. But the zero-trust model assumes a breach, and that each request has originated from an uncontrolled network, whether it’s actually from an uncontrolled network, or coming from inside. Traffic always has to be verified, regardless of where it originates, and what resources it tried to access. So the zero-trust model teaches us to never trust, and always verify on every domain,” says Younis.

“Zero-trust networking is so important right now, because there is no perimeter anymore, so it moves the security enforcement from the perimeter to users’ devices and assets,” says Santos from Fortinet. “It makes it easier to adopt new technologies, because it’s not another new perimeter that you have to set up, and identify what applications and users are going to access it. It’s all laid out. You just have to plug them into your architecture and you’re good to go.”

“It also helps a lot with the lateral movement part of a breach, because when someone breaches your organization, they’re going to try to escalate privileges. Once they get a foothold on a specific system, they’re going to try to move laterally. And once they do, they’re going to find that there’s some blockages. If you couple that with network segmentation, a security fabric and the ability to quickly understand what’s going on, then you can take automated action, blocking access to the device that’s making unusual connections to services it is not supposed to,” says Santos.

“It almost sells itself,” adds Santos. “It gives cyberdefenders the impression that they’re starting to have control over the network again, and the ability to defend at the level that is needed.”

What are some of the biggest cybersecurity challenges organizations are facing today?

“Attackers have to be lucky once; we have to be lucky every time in order to defend,” says Kevin Ellsworth from CDW. “It really puts a lot of onus on cybersecurity professionals.”

CDW’s Ivo Wiens says the ability to restore after a ransomware attack is a major concern. “We do everything we can to prepare and defend, but when it comes to the recovery phase, we find that clients really stumble there. As security professionals, all we can do is say ‘make sure your backups work.’ We’re going to try to do everything we can to prevent an attack, but at the end of the day, the last line of defence is the backup.”

“That’s been a difficult challenge to communicate back to the business, even though they’ve spent millions and millions in backup and restore, they still don’t have 100 percent trust in how they can recover from a ransomware event once it happens,” says Wiens.

“One of the biggest challenges is the lack of available cybersecurity talent,” says Sameh Younis from Microsoft. “Market research in the U.S. has indicated that one in three security jobs are vacant. Even when talent is available, access to highly skilled expertise remains a challenge, because security is not an easy area.”

“As security threats continue to become more complex, and organizations are understaffed, security experts will continue to seek out managed security services. But these services have to be paired with technology that leverages artificial intelligence and machine learning to reason across all the latest kinds of threats that we have seen to allow those precious cybersecurity resources to focus on the important issues rather than trying to analyze thousands of different alerts,” says Younis.

How artificial intelligence and machine learning are transforming cybersecurity

“Vendors suffer more than anyone from the lack of cybersecurity talent,” says Fortinet’s Santos. “It’s difficult enough to find a SOC analyst or a cybersecurity expert in sales, but try to find reversers or threat hunters, and then you have a real challenge. And the fallout of not having enough talent is not being able to keep up with the sheer amount of threats. It’s a challenge that’s only going to grow, but machine learning is coming to the rescue. We’ve been using machine learning for a long time to help us do IPS signature creation, and I think it’s really starting to show that it’s up to the challenge of helping us cope with the lack of talent in that area.”

“Machine learning detection models can adapt to individual environments,” says Younis. “They adapt not just to the environment, but also to user behaviour, in order to reduce what we call false positives and being able to pinpoint threats that will not be found in the traditional hunting approaches. Many security organizations nowadays understand the value of machine learning for security. But not many of them have the luxury of professionals who have the expertise in both security and data science. Good products actually have both.”

“What’s harder to hire than a cybersecurity expert? A machine learning expert,” says CDW’s Ivo Wiens. “Clients are confused about how to start introducing machine learning and AI to solve their staffing issues.”

“The reason we’re starting to look at this is the amount of data out there,” Wiens continues. “Threat intelligence is coming from everywhere now, and we have to make sense of it for our organization, so my answer to clients is typically to leverage your partners that are doing the right thing in the back end and try to find ways to adapt what they’re doing to what you’re doing within your organization.”

“For those larger organizations that have a data analytics department, do some digging into that department to see how much they can help you automate and save some effort on your side of the house,” says Wiens.