How WithSecure Offensive Security Drives Business Resilience!

Find out how WithSecure harnesses the power of offensive security to drive business resilience and enhance protection for its clients!

WithSecure Drives Business Resilience Through Offensive Security!

WithSecure (formerly known as ‘F-Secure Business’) is harnessing the power of offensive security in its co-security and co-monitoring products and services. This revolutionary approach is designed to anticipate and mitigate cyber threats by understanding them from an attacker’s perspective.

During the SPHERE security conference 2023, WithSecure’s Chief Product Officer, Antti Koskela, shed light on their game-changing offering called ‘attack surface management.’ This managed service offers a comprehensive view of vulnerabilities in a company’s cloud-based estate.

As a result, WithSecure’s focus on the digital perimeter empowers businesses to reduce their overall attack surface, enhancing their cybersecurity posture in the ever-evolving threat landscape.

How WithSecure Offensive Security Drives Business Resilience!

WithSecure also introduced three new services that amplify their commitment to ‘outcome-based security’ and ‘co-security’. These were revealed by WithSecure Executive Vice President (Solutions) Scott Reininga, also at the SPHERE security conference 2023.

Reininga underscored WithSecure’s unparalleled expertise in offensive security, revealing that they are the home of one of the world’s most proficient offensive security teams. This team, a fusion of penetration testers (pentesters), red, blue and purple teamers, has profound knowledge of adversary tactics, tradecraft, and techniques.

Penetration testing is a cybersecurity practice that aims to discover vulnerabilities in a system by simulating controlled attacks. The goal is not to cause damage but to pinpoint weaknesses for rectification. This proactive method, which can involve exploiting software vulnerabilities or simulating social engineering tactics, is key in any comprehensive cybersecurity strategy, offering a practical evaluation of potential risks rather than a theoretical one.

Our relentless pursuit of research and system testing allows us to uncover system vulnerabilities proactively. This crucial data is the building block of our products that are proactive, minimally disruptive, and crafted from the perspective of an attacker.

– Scott Reininga, WithSecure Executive Vice President (Solutions)

These insights were unveiled by Reininga during his recent product launch event titled ‘Co-security and co-managed services for partners’. He was joined on stage by WithSecure Vice President (Offering and Customer Experience) Niko Isotalo.

Expanding on WithSecure’s strategic approach, Isotalo said that the company’s outcome-based security framework model “connects Chief Information Security Officers (CISOs) and board members, offering clarity about the interplay between security outcomes and business objectives.”

This alignment clarifies the indispensable role of security in the core business framework to board members.

– Niko Isotalo, WithSecure Vice President (Offering and Customer Experience)

Reininga and Isotalo unveiled the three new offerings during their joint session. The first, termed “co-monitoring,” is a partnership model. WithSecure validates the genuineness of security incidents before alerting the duty manager, effectively curbing false alarms.

WithSecure collaborates with clients to supervise their digital ecosystems, particularly during periods when they are stretched thin on resources. This service, providing support beyond standard working hours, can also deliver round-the-clock monitoring if necessary.

Isotalo further introduced the second service, incident readiness software, recognising that many organisations lack comprehensive incident readiness plans.

Our software simplifies the creation, testing, and updating of such plans, which serve as essential shields against cyber threats.

Focusing on the urgency of immediate incident response, Reininga introduced the third service, an incident response retainer.

Our incident response retainer provides unlimited incident response within the critical initial 72 hours of an event. We eliminate the need for negotiation about budget and resource allocation.

We engage consultants rapidly, supported by our globally lauded 24/7 incident response team and top-tier threat intelligence unit, guaranteeing our customers industry-leading service level agreements (SLAs).

By integrating offensive security acumen, co-monitoring capabilities, incident readiness software, and swift incident response, WithSecure empowers organisations to effectively safeguard their digital assets and curtail the impact of potential breaches.

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

Incident Response – Five Key Factors CISOs Should Consider!

Maxim Frolov, Vice President of Global Sales, Kaspersky Lab, speaks about Incident Response, a critical tool of every cybersecurity team to respond to, and manage cyberattacks.

Here are five key factors he believes every CISO (Chief Information Security Officer) should consider while formulating their companies’ Incident Response process.

Cyberattacks Are Inevitable

As cyberattacks become more sophisticated and frequent, many CISOs agree that a cyberattack on their companies is inevitable.

They also believe that the speed and quality of their incident response are the most important factors in measuring their performance.

Hence, IT security departments are now focused, not just on preventing attacks, but also on identifying the issues in time to minimise damage.

What Is Incident Response?

Incident Response (IR) is the methodology a cybersecurity team uses to respond to, and manage cyberattacks. It aims to reduce damage and recover from an attack as quickly as possible.

A good incident response plan also includes a thorough investigation to learn from an attack, in order to prepare for and prevent a repeat attack in the future.

The Five Key Factors CISOs Should Consider About Incident Response

While CISOs understand that a well-developed, repeatable incident response plan is critical, they face five major issues in developing a good plan.

Factor #1 : Shortage Of Qualified Professionals

Incident response does not mean jumping into the remediation phase when an incident happens. It actually starts before an attack has occurred, and does not stop after the attack ends. In general, it consists of four stages :

  • Stage 1 : All responsible employees are prepared, so they know how to act when an attack happens
  • Stage 2 : Detection of an ongoing cybersecurity incident
  • Stage 3 : The incident response team eliminates the threat and recovers affected systems
  • Stage 4 : The incident response strategy is reviewed based on this experience, to mitigate against a future attack

Such diversified activities require different types of professionals, who are in short supply. According to a Kaspersky Lab survey, CISOs find it quite impossible to find malware analysts (43%), specialists who can respond to an attack (20%) and threat hunters (13%).

The other issue is employee retention. Specialists know that they are in great demand, and easily switch to a rival organisation for a higher salary. It is, therefore, increasingly hard for companies to employ and retain a team to conduct the entire incident response process.

Factor #2 : Choosing Suitable Outsourcers

Because of the difficulties in forming an internal Incident Response team, many companies opt to outsource the job. However, it is no trivial task to choose a suitable third-party IR team.

A good outsourced Incident Response team should be proficient in the important IR competencies, namely threat research, malware analysis and digital forensics.

Their capabilities should be ascertained through vendor-neutral certification, and past experience. The diversity of their client base is also important – working in a variety of industries will allow them to find similarities in seemingly disparate cybersecurity cases.

Companies in strictly-regulated industries will have additional restrictions when they are considering outsourcing candidates. They can only choose from IR teams that meet specific compliance requirements.

Factor #3 : Cost Of Incident Response

Establishing and maintaining an in-house Incident Response team is costly. Not only are full-time specialists expensive, companies also need to purchase solutions and threat intelligence services their IR team will need for threat hunting, data analysis and attack remediation.

Yet they cannot afford not to have an IR strategy in place. The average cost of a data breach is on the increase, now amounting to US$1.23 million. This is an increase of 24% from US$992,000 in 2017.

Some organisations may find the outsourced model to be more cost-effective and flexible. However, enterprises that deal with numerous incidents will find it necessary to have an in-house IR team.

To save costs, organisations can employ a hybrid approach – forming an internal team of first-level responders, with external experts on retainer.

Factor #4 : Synergy With IT Department

Both the Incident Response team and the IT department must understand their respective roles and work together. After all, they have conflicting objectives when a cybersecurity incident occurs.

The IT team will want to shut down infected machines to reduce or prevent data loss, and stop the malware from spreading. On the other hand, the IR team will want to collect evidence, which would mean leaving the “crime scene” untouched even after the incident is over.

If the IT team disconnects the machines, and/or stores the logs for only three months, that would make the IR team’s work a great deal more difficult.

To avoid such issues, the internal IR team should provide tailored guidance or training for their IT colleagues. This would ensure that both teams are on the same page when an attack happens.

Factor #5 : Delays In Responding

Organisations that rely on outsourced IR teams can quickly get their incident response processes in place, because the external IR team is always at hand to step in and help resolve an incident.

However, this can only happen after contracts are signed and agreements ratified, leading to a delay in incident response.

In Maxim’s experience, an organisation often comes back to work on Monday to discover that they were breached during the weekend. They will try to handle the incident for several days, before turning to external experts.

However, it’s usually Friday by the time they start seeking help. Even if they have a pre-vetted contractor to turn to, and rush the approval of an agreement, it will take several more days before the external IR team can get to work.

Hence, it is a good idea for organisations to have an internal Incident Response team (even if they are just first-level responders) that can quickly evaluate the incident and delegate responsibility.

The Most Effective Incident Response Strategy

For most large organisations, the hybrid approach to Incident Response is perhaps the most effective.

Combining a small in-house team with third-party responders will help them maintain an effective IR strategy, without the problems associated with maintaining a dedicated internal team or outsourcing the job completely.

Even though outsourcing incident response is attractive financially, it doesn’t mean the organisation can hand over the reins and absolve itself of all responsibility for incident response. Having a suitable IR plan for their particular organisation is still important, as is the need for the external IR team to liaise with the organisation’s IT team.

There should be a proper process for when employees should ask for external assistance, and what it will address. An employee should also be tasked with prioritising actions and coordinating between the external IR team and internal departments.
