Technology is constantly evolving and now, more than ever, staying ahead of the digital evolution – specifically cybersecurity – is integral to an organization’s success. This past year, we have seen a major rise in ransomware attacks, and businesses have been paying the price. There are plenty of lessons to be learned from these instances to better protect IT systems and corporate environments moving forward, but the most important finding is that ransomware is now a business security issue for every organization, across every industry and vertical. Unfortunately, in 2022, the threats will likely continue to increase as technology becomes more advanced and hackers develop new tactics. These are the three cybersecurity technologies that every security professional should be aware of to effectively protect their organizations going into 2022.
By Ivan Paynter, National Cybersecurity Specialist at ScanSource
A Zero-trust Environment / Software-defined Perimeter
When it comes to ransomware attacks, hackers cannot encrypt systems they do not have visibility into. However, by combining two technologies – zero-trust and software-defined perimeter – it is possible to address this concern. Software-defined perimeter, in combination with zero-trust, allows for constant enumeration of the user’s device, as well as verifies the identification and access level of the user. Once the user device is verified to the required standard – and only at that time – will the distant end device port be accessible to that user. The strategic use of these two technologies ensures greater security for the organization, as it only allows users access to the network’s element at their designated user accessibility level. This type of platform can be configured in numerous ways to meet one’s cybersecurity needs. At the end of the day, this technology allows users to access the level necessary to perform their required functions. Once the user logs out or is timed out the port is closed, and the distant end system can no longer be identified, as no ports will respond to inquiries.
MDR/EDR/XDR
Endpoint Detection and Response (EDR) is truly the next generation anti-virus with intelligence. Extended Detection and Response (XDR) ties in EDR data with network events for greater visibility within the environment. EDR’s also allows for greater visibility into behavioral analytics. Just because the user has access rights to data does not ensure his or her due diligence with said data. EDR and XDR applications increase visibility and correlation of events taking place within the environment reducing the noise so one may identify the threat expediently, therefore reducing dwell time. As a standalone, most EDR systems provide value-added data but do not provide an in-depth holistic view of the environment. However, integrated with other standard cybersecurity tool sets and EOG 24/7 provides a level of security to allow any CISO a good night’s sleep. MDR platforms become a vital and necessary point of protection from ransomware and other forms of malware.
Technology (Good, Bad and Ugly)
On the opposite side of the conversation, hackers and scammers are also utilizing artificial intelligence and machine learning to their advantage as well. Machine learning and artificial intelligence technologies are great defenses but are also being used to defeat existing cybersecurity defenses. For this reason, it is imperative organizations remain vigilant and current within their defenses. This is one very strong reason to use a third-party security service to monitor. manage and secure their environment rather than trying to build their own security operation center. Third-party security services are particularly adept at identifying and eradicating malfeasance quickly, to ensure business continuity. Dwell time has now been reduced from months to minutes due to the tool sets, data gathering and correlation most MDR deploy. With the use of behavioral analytics, machine learning, vulnerability scanning, network segmentation, east/west monitoring, and traffic analysis Network Security Operation Centers, combined with artificial intelligence, organizations (ideally through a third-party security provider) can gain a much better understanding of their environments and their user community.
BONUS: The Human Firewall
In addition to staying up to date on the latest technology trends and tools in the cybersecurity industry, it would be unwise to ignore one key element of cybersecurity that does not come from the latest technologies. In the industry, we like to say that the most important line of defense sits between the computer and the chair. As we observed in the Brenntag attack in April 2021, it’s imperative to start with the fundamentals of cybersecurity and provide awareness training, establish multi-factor authentication, network segmentation, and constant vulnerability monitoring. The human firewall is the most effective first and last line of defense against cybersecurity attacks.
About the Author
Ivan Paynter is the National Cybersecurity Specialist of ScanSource and has over 30 years of experience in cyber security, working at Verizon and Masergy before coming to ScanSource in 2019.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
