Automation is now mandatory for cybersecurity
Jason Mical, VP of Endpoint Products, Fidelis Cybersecurity
Technology has finally evolved to a place where you can trust a lot of what it can do, explains Jason Mical, VP of Endpoint Products, Fidelis Cybersecurity.

Q: What is Fidelis focusing on at GITEX this year?
A:
We are launching a new platform for Fidelis. Traditionally, Fidelis has sold two different solutions: one is a network-based solution to detect threats and do analytics. Then, we had an endpoint solution that was for incident response and forensic analysis. We've spent an enormous amount of time building the platform to migrate both of them into a single solution. We are launching the Elevate platform here at GITEX. We're very excited about it, and the Elevate platform is the first of its kind, really, to seamlessly integrate a full suite of network and endpoint detection and response in an automatic fashion.

Q: How is automation changing the cybersecurity landscape currently?
A:
It’s mandatory now. The landscape of cybersecurity solutions is so vast. With that comes an enormous amount of information that can be provided by all of these technologies and it’s overwhelming the industry. The threats are huge and they’re increasing regularly. The technologies are increasing with the data that they can provide. This leads to many problems.

One of these problems is that the solutions don't interoperate with each other. A lot of people will try and dump something into a SIEM, but the SIEM doesn't really provide the context and content to really give you the information. With that being said, automation is becoming mandatory because the industry is suffering from what we call alert fatigue. Companies are getting inundated with so many alerts and events from all these different products. They're making their investments to help protect themselves, but now they're getting overwhelmed with all of this data. Unless you truly have an integrated platform to automate as much of the workflow as you can, all you're doing is creating a lot of work, and you don't have the skills and the staff to address it.

Then, when the breach happens, you think, "How did this happen? Why didn't we get alerted on it?" Well, guess what, you did, but it was so deep into the information you had no idea, because it was drowned out in the noise. So, it's critical for the industry to migrate to letting technology do the work. Technology is finally in a place where you can trust a lot of what it can do. Maybe not take an automatic action against your asset, but at least automatically grab and validate and do things that normally take a very manual step or process or resources to accomplish.

Q: How does ADR differ from the existing approach?
A:
Under the traditional approach you have technologies on your border that are surveillance cameras looking for threats, but then they're just generating alerts. Then, these alerts could maybe go into a SIEM or security operations centre dashboard, where you then have analysts looking at these massive amounts of alerts.

Then, they have to say, "Okay, I need to pass this off to the next level because it looks like something has actually happened," but they don't know. Then, they pass it to the next person, and that next person says, "Okay, I've got a checklist of things that I need to go and do to validate. What is this machine? Is it a laptop? Is it a desktop? Is it a server? Where is it? What is the function of this thing?" The list is very long. "What's the business impact? If I pull this thing from the network, is it going to shut down our e-commerce?"

Just that is time consuming. Then, they need to get on the machine and pull data from it. "What did I see in my alert from the network-based detection engine? Now, I need to get on this endpoint and search it and try and verify: did it actually occur, or was it actually a false positive?" Then, you go to the next step: "Okay, confirmed. Now what?" Now, we've got to triage and do deep analytics and forensics to try and figure out what the damage really is, and then figure out how big the scope of the damage is. Is this the only machine involved? If it is, okay, let's fix it and get it back into production. Or is this half of our environment that's been impacted by this? These are all very manual and broken steps. That's exactly what our vision at Fidelis Elevate is: to be able to automatically do those steps for you. The critical piece that you have to look at is automatic detection. No matter what. If it's movement, data moving, or data doing weird things on your endpoint, to be able to automatically detect it and confirm it.

Now, you're not wasting time doing what I call whack-a-mole. Something popped up, hit it. Okay, here it is over here, hit it. You're just doing analytics and response. To be able to automatically detect the threats, confirm them and take automatic actions, whether it be, for example, containment; traditionally, again, if I'm a level two analyst, I'm going to find that box and I'm going to go unplug it so it can't spread. Well, that could take hours, days, weeks to accomplish, and it's very manual.

To be able to take the next level of approach of, “Okay, validate it and isolate it,” so this thing has been contained. It can’t spread, it can’t do additional damage. Then, be able to provide, automatically, every piece of analytical information you would need.

Having a single dashboard allows you to have a single view of everything you would need to make the determination: "What actually happened? How big is this? What's my scope? Where's my patient zero? What was the first entry point for this thing?" It doesn't end there, because once you figure all that out, now you've got to figure out, "What am I going to do about it? I've confirmed it, it's in. Now I've got to get rid of it and learn from it."

Another big problem that the industry still suffers from is that they put their finger in the dyke of the dam that's leaking, but they don't learn how the crack happened. Then the crack happens again, and they're not learning. Common practice is, "Okay, this box has been breached. We're going to re-image it, put a new operating system on it and put it back into production."

Not figuring out how that thing actually happened: was it a vulnerability, was this machine unpatched? If you don't do that, you're never going to prevent it again. Having the capability to automatically detect, automatically validate, automatically respond and automatically remediate. Now, automatic remediation is a little tricky, because people get a little reluctant to say, "I'm going to stop a process" or "I'm going to delete information automatically from a machine", myself included. Back in the day, I was freaking out when IPS came out.

"You're going to block something from my network automatically without me knowing? I don't think so." But now the trust level's there, because the technology's evolved and become more confident. With that being said, Fidelis Elevate provides all layers of that workflow; it gives you the information automatically in a single console. Then, if you want, you could easily just click a button and say, "Take this action. Not just on this one machine. Find everywhere it lives and take it all at the same time."
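The triage workflow the answer above walks through (enrich the alert with asset context, corroborate the network detection on the endpoint, decide whether containment can be automatic, then scope to every host carrying the same indicator) can be sketched as a small pipeline. The following is an added illustration written for this page; it is not Fidelis code and does not model the Elevate product. The asset inventory, network alerts and endpoint events are constructed sample data with hypothetical hostnames and documentation-range IP addresses, and the decision rule that withholds automatic isolation from critical assets is an assumption chosen to reflect the reluctance about automatic actions described above.

```python
from dataclasses import dataclass, field

# Constructed asset inventory (hypothetical hosts; not real data).
# Answers the analyst's checklist: what is it, what does it do, what breaks if we pull it.
ASSETS = {
    "ws-0417": {"type": "laptop", "role": "finance user", "impact": "low"},
    "srv-ecom-01": {"type": "server", "role": "e-commerce front end", "impact": "critical"},
    "ws-0988": {"type": "desktop", "role": "helpdesk", "impact": "low"},
}

# Constructed network detections: the "surveillance camera" alerts on the border.
NETWORK_ALERTS = [
    {"id": "N-1", "host": "ws-0417", "rule": "beacon to known C2", "indicator": "198.51.100.23"},
    {"id": "N-2", "host": "srv-ecom-01", "rule": "beacon to known C2", "indicator": "198.51.100.23"},
    {"id": "N-3", "host": "ws-0988", "rule": "suspicious download", "indicator": "203.0.113.8"},
]

# Constructed endpoint telemetry: what an agent on each host actually observed.
# Note ws-0412 never raised a network alert but shows the same indicator,
# and ws-0988 has no endpoint corroboration for 203.0.113.8 at all.
ENDPOINT_EVENTS = [
    {"host": "ws-0417", "event": "net_connect", "indicator": "198.51.100.23", "process": "svchost.exe"},
    {"host": "srv-ecom-01", "event": "net_connect", "indicator": "198.51.100.23", "process": "w3wp.exe"},
    {"host": "ws-0412", "event": "net_connect", "indicator": "198.51.100.23", "process": "svchost.exe"},
]


@dataclass
class Triage:
    alert_id: str
    host: str
    asset: dict
    confirmed: bool
    action: str
    scope: list = field(default_factory=list)


def enrich(host):
    """Step 1: answer 'what is this machine?' from the inventory; unknown hosts are flagged, not guessed."""
    return ASSETS.get(host, {"type": "unknown", "role": "unknown", "impact": "unknown"})


def validate(alert):
    """Step 2: corroborate the network alert with endpoint telemetry on the same host."""
    return any(e["host"] == alert["host"] and e["indicator"] == alert["indicator"]
               for e in ENDPOINT_EVENTS)


def decide_action(asset, confirmed):
    """Step 3 (assumed policy): isolate automatically only where the business impact allows it."""
    if not confirmed:
        return "queue_for_analyst"          # no endpoint evidence is not proof of a false positive
    if asset["impact"] in ("critical", "unknown"):
        return "isolate_requires_approval"  # a human confirms before an e-commerce server is pulled
    return "isolate"


def scope(indicator):
    """Step 4: every host where the same indicator was seen, alerted or not."""
    return sorted({e["host"] for e in ENDPOINT_EVENTS if e["indicator"] == indicator})


def triage(alert):
    asset = enrich(alert["host"])
    confirmed = validate(alert)
    return Triage(alert["id"], alert["host"], asset, confirmed,
                  decide_action(asset, confirmed),
                  scope(alert["indicator"]) if confirmed else [])


def triage_all(alerts=NETWORK_ALERTS):
    """Run the pipeline over every alert; returns {alert id: Triage}."""
    return {a["id"]: triage(a) for a in alerts}


if __name__ == "__main__":
    for alert_id, t in triage_all().items():
        state = "confirmed" if t.confirmed else "unconfirmed"
        print(alert_id, t.host, t.asset["type"], t.asset["impact"], state, t.action, t.scope)
```

Two design points worth noting. The scope step is keyed on the indicator rather than on the alert, which is how ws-0412 surfaces even though the network sensor never alerted on it; that is the "find everywhere it lives" part of the workflow. And an alert with no endpoint corroboration is queued rather than closed as a false positive, because missing telemetry (an offline host, a gap in agent coverage) looks identical to a clean host from the pipeline's point of view.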

Q: How have enterprises responded to the cloud-based solution that Fidelis launched at the beginning of this year?
A:
Phenomenally, in America. In America, everyone wants to go to that. The nice thing is, from that perspective, we even offer Infrastructure as a Service because people just don’t want to have to manage the hardware, do the patching and everything else. They just say, “I just want access to my information so I can manage my environment.”

So the Fidelis Cloud offering in America, right now, is offering carte blanche. We manage the whole operating system, we manage the servers, we manage our system, everything. They just have access to the console and they do what they need to do. It's very nice because, from that perspective, you deploy our agents on your desktops or endpoints, you put our sensors in your network environment, and everything else is magically happening for you in the background.

In the Middle East, it's a little more challenging because cloud is not 100% accepted yet. Even in Europe it's that way. Cloud hasn't completely transitioned across the pond. It's coming, and people are getting more and more interested, because people want to go green and they want to shrink their environmental footprint and the technology. So we're seeing it; people are interested in it.

Intelligent CIO Middle East