Author: Ravi Srivatsav
Now that we have mostly recovered from the hectic and engaging experience at RSA 2023, it’s time to take a closer look at the takeaways. Many people stopped by our booth, and we had interesting conversations with business leaders from around the world and from many industries.
One of the functions of Inside-Out Defense, an Automated Moving Target Defense SaaS, is that it can immediately remediate privileged user access abuse. It’s a function we are very proud of, because correlating users, their profiles, and their activities across different environments isn’t easy.
We were surprised to hear some customers say they are not ready for immediate remediation. They liked that the option was there but preferred a notification with all the forensic data attached, followed by a manual option to disable the user. Fortunately, we can do that too.
One CISO said they appreciate seeing a privileged access management solution that’s not just focused on shutting everything down. And they also appreciated how Inside-Out Defense could give them much more detailed information about individual users than what they currently have access to.
Over the past couple of years, large companies have experienced rapid growth, adopting the best technology, adapting to a remote work environment during COVID, and addressing never-before-seen issues in the supply chain and in third-party contracts. Their biggest challenge is knowing what their users are doing in real time. The more distributed an organization is, and the more SaaS applications and cloud environments it uses, the bigger its attack surface.
They were very excited about the comprehensive 360-degree view we can provide of every user at any time, and they especially praised our complete user catalog and uncompromisable forensic audit log.
Many shared that they spend millions of dollars to pass compliance audits but still lack a clear understanding of what each user is doing at any given time.
For instance, they don’t know how many spawned identities a user could have in a cloud environment, a question we can quickly answer. One CISO from a major transportation company shared that they are essentially throwing a Hail Mary daily, hoping they hired good people and that those people are responsible users who behave as they are supposed to. Good intentions, but that is a very stressful way to do user management.
The educators we talked to have issues very similar to those in the manufacturing industry. Most universities give students access to cloud environments but lack visibility into what the students are doing there.
Higher education and schools were a prime target for hackers last year, and now they are attacked constantly – so everyone fears they are the next target.
The educational sector liked the in-line remediation function and appreciated that they could both see what’s happening in a cloud environment and immediately remediate it.
Colleges often have a churn of visiting scholars and students who are on campus for a semester or two and then leave. They said their onboarding systems, covering both SaaS and non-SaaS resources, are reasonably good, but once the visitor leaves their campus assignment, the university often has no way of knowing what they did while in the school’s systems.
They may have had access to a cloud environment and taken the opportunity to spawn other identities there. A research institution needs to be able to decommission a temporary user properly, and to get a real-time view of privilege creep and other unexpected behaviors that the user may have engaged in.
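As an added illustration of the two points above (counting the identities a user has spawned, and decommissioning a departing user along with everything they created), the script below walks a constructed, CloudTrail-style audit trail and builds the transitive set of users, roles, and access keys that trace back to one principal, plus any policy attachments made to them. It is example code written for this article, not Inside-Out Defense product code; the event records, field names, and principal names are all hypothetical.

```python
"""Trace the identities one principal has spawned in an audit trail and
produce a decommissioning list for when that principal leaves.

The events are constructed for this example and use CloudTrail-like event
names (CreateUser, CreateRole, CreateAccessKey, AttachUserPolicy); the
record layout and principals are hypothetical, not product code."""
from collections import defaultdict

# Constructed sample events: who acted, which API call, what it created or touched.
EVENTS = [
    {"actor": "visiting.scholar", "event": "CreateUser", "target": "lab-bot"},
    {"actor": "visiting.scholar", "event": "CreateAccessKey", "target": "AKIA_SCHOLAR_1"},
    {"actor": "visiting.scholar", "event": "CreateRole", "target": "role/data-export"},
    {"actor": "lab-bot", "event": "CreateAccessKey", "target": "AKIA_LABBOT_1"},
    {"actor": "lab-bot", "event": "CreateUser", "target": "lab-bot-2"},
    {"actor": "visiting.scholar", "event": "AttachUserPolicy",
     "target": "lab-bot", "policy": "AdministratorAccess"},
    {"actor": "staff.admin", "event": "CreateUser", "target": "new-hire"},
]

SPAWN_EVENTS = {"CreateUser", "CreateRole", "CreateAccessKey"}
PRIVILEGE_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy"}


def spawned_identities(events, root):
    """Every identity reachable from `root` through create-events, following
    chains such as root -> service user -> that user's access keys."""
    children = defaultdict(list)
    for e in events:
        if e["event"] in SPAWN_EVENTS:
            children[e["actor"]].append(e["target"])
    seen, stack, order = {root}, [root], []
    while stack:
        actor = stack.pop()
        for child in children[actor]:
            if child not in seen:
                seen.add(child)
                order.append(child)
                stack.append(child)
    return order


def privilege_changes(events, identities):
    """Policy attachments made to any identity in the set: the privilege
    creep a decommissioning review has to look at."""
    wanted = set(identities)
    return [(e["target"], e["policy"]) for e in events
            if e["event"] in PRIVILEGE_EVENTS and e["target"] in wanted]


def decommission_plan(events, root):
    """Everything to revoke when `root` leaves, and the policies to review."""
    ids = [root] + spawned_identities(events, root)
    return {"root": root, "revoke": ids,
            "privilege_changes": privilege_changes(events, ids)}


if __name__ == "__main__":
    plan = decommission_plan(EVENTS, "visiting.scholar")
    for ident in plan["revoke"]:
        print("revoke:", ident)
    for target, policy in plan["privilege_changes"]:
        print("review policy", policy, "on", target)
```

Disabling only `visiting.scholar` would leave `lab-bot`, its access keys, and the second-generation `lab-bot-2` alive; the transitive walk is what makes the decommissioning complete. Against a real account the same logic runs over CloudTrail records (keyed on `userIdentity` and `responseElements`), which is an integration this example deliberately leaves out.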
If they used Inside Out Defense, they’d still need a SOC team, but they wouldn’t need to build one to deal with access issues specifically, and that is a huge money saver.
The most significant concern in the healthcare industry is the secure management and ownership of sensitive data.
Most healthcare organizations realize that sensitive data is a moving target, so they can’t just put firewalls up around all of it – because they can’t function without access.
Accurate forensics is also a high priority.
Let’s say they know there is a data leak: they can find the leak but can’t find the root cause, because they don’t know who has touched their sensitive data or how it has been manipulated. The data could have been copied, shared, or downloaded, and without a detailed, incorruptible data log, no one will be able to show what happened.
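As an added example of what an "incorruptible" log means in practice, the block below keeps data-access events in a hash chain: each entry commits to the digest of the entry before it, so editing, reordering, or deleting a record breaks every link that follows, and the root-cause question ("who touched this file, and how?") can be answered from a log the investigators can trust. The users, paths, and events are constructed for this example; this is illustrative code, not the page's product.

```python
"""Tamper-evident audit log for data-access events.

Every entry commits to the previous entry's digest, so editing, reordering
or deleting a record breaks all later links. Added example with constructed
events (hypothetical users and paths); not product code."""
import copy
import hashlib
import json

GENESIS = "0" * 64


def _digest(prev_hash, record):
    # Canonical JSON so an identical record always hashes identically.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(chain, record):
    """Append `record`, linking it to the current head; returns the new head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "hash": _digest(prev, record)})
    return chain[-1]["hash"]


def verify(chain, expected_head=None):
    """Index of the first broken link, or None if the chain is intact.

    `expected_head` is the latest hash kept out of band (e.g. in write-once
    storage). Without it, silently dropping entries from the tail is the one
    edit a self-contained chain cannot detect."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def touched_by(chain, resource):
    """Who did what to `resource`, in order: the root-cause question."""
    return [(e["record"]["user"], e["record"]["action"])
            for e in chain if e["record"]["resource"] == resource]


# Constructed sample events.
SAMPLE_EVENTS = [
    {"ts": "2023-05-01T09:00:00Z", "user": "dr.lee", "action": "read", "resource": "phi/patients.csv"},
    {"ts": "2023-05-01T09:05:00Z", "user": "dr.lee", "action": "copy", "resource": "phi/patients.csv"},
    {"ts": "2023-05-01T09:06:00Z", "user": "contractor7", "action": "share", "resource": "phi/patients.csv"},
    {"ts": "2023-05-01T09:07:00Z", "user": "nurse.kim", "action": "read", "resource": "phi/schedule.csv"},
    {"ts": "2023-05-01T09:09:00Z", "user": "contractor7", "action": "download", "resource": "phi/patients.csv"},
]


def build_sample_chain():
    chain = []
    for rec in SAMPLE_EVENTS:
        append(chain, rec)
    return chain


def tampered_index(chain):
    """Simulate an insider rewriting the 'share' event to blame someone
    else, and report where verification first fails."""
    bad = copy.deepcopy(chain)
    bad[2]["record"]["user"] = "nurse.kim"
    return verify(bad)


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify(chain))                                 # None
    print("touched:", touched_by(chain, "phi/patients.csv"))
    print("first broken link after edit:", tampered_index(chain))  # 2
```

The chain proves integrity, not authenticity: anyone who can rewrite the whole file can recompute every digest. In a deployment the head hash is anchored somewhere the log writer cannot modify (a separate account, a write-once bucket, or a signed timestamp), and `verify` is run against that anchor.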
Alerts, Alerts, and More Alerts….
IT teams across industries are exhausted by the kind of alerts they are getting. It’s not so much the number of alerts (which can also be overwhelming) as the constant crying wolf that is wearing people out.
Security systems are so siloed that it is quite possible that data abuse happened AND that the systems did their jobs and issued an alert, but it takes a lot of human intelligence to understand that alert. The result is that IT teams are constantly triaging alerts of little consequence. Once they’ve dealt with one batch, a new one awaits remediation. They want fewer, higher-quality alerts with the forensic data attached.
Rural Areas - In Need of Help
The FBI recently issued an alert stating that rural America, with its small school districts and smaller businesses, is an attack surface that poses a considerable risk to the nation’s cybersecurity. In major urban centers like New York and San Francisco, talented cybersecurity staff are abundant, but it’s tough to find qualified cybersecurity people in remote areas. One customer said that only a handful of people could do cybersecurity work in their respective countries.
Automation can solve some of these problems in rural areas, and our dashboard is very approachable and easy to understand – even for those unfamiliar with computer science.
What can be done by hand today, mining through millions of rows of data looking for a discrepancy or an unusual pattern, can be much easier and more accurately done by a platform such as Inside Out Defense.
As threats grow more sophisticated and find new avenues for disruption, solutions that focus on static threat signatures miss the increasingly sophisticated, and as yet unknown, behaviors of rogue actors. Customers need solutions that operate at scale to address some of the most persistent problems in security in real time.