Guest Column | December 10, 2018

Cybersecurity Services: The Good

By Rob Boles, BLOKWORX

This is the first of a three-part cybersecurity series authored by Rob.

I’ve spent the past 20 years in information technology — the entirety in managed services — listening to clients’ questions, concerns, objectives, and insights, and, ultimately, helping them achieve their desired outcomes. In each of those 20 years, security was top of mind.

You see, for those whom I have not had the privilege of meeting yet, security has been my thing since day one; it’s in my DNA. Potentially a blessing as well as a curse … I frequently joke that no one wants to talk with me at social gatherings because the conversation will at some point turn to cybersecurity. The reality of cybersecurity, though it sounds cool, is that it can be a dark, unsettling conversation. Let’s be candid: the majority of humans want to live in their bliss.

When I started BLOKWORX, three pillars were identified which are weighed in everything we do: security, reliability, and positive user experience. It was organic and natural, but in late 2006 when the idea to create a service provider began circling, and well into the years of being in business, the SMB space was not yet embracing cybersecurity.

Clients and owners of MSPs would scoff at my insistence on securing technology environments, saying things such as:

  • What do I have anyone would want?
  • My clients won’t pay for that and the owner says we don’t have any budget for security.
  • I know you exist in a play hard or go home world Rob, but can we make a concession here anywhere?

Oftentimes my follow-up would be to ask if the person locks their car or their home when they leave it. Why? Because if you have nothing of interest, why the effort? But I digress …

What is going on in cybersecurity as we head down the homestretch of 2018 and transition into 2019? Great question. In the context of the channel and with a year of feedback from events around the country, the following are some observations as to what’s good, what needs some work, and what’s missing.

Diversity In The Workforce

Women are more present in cybersecurity and IT in general, creating and contributing on all levels. Statistically, a common reference point for diversity in the industry is a 2013 Frost and Sullivan report which found women make up 11 percent of the global cybersecurity workforce. However, a 2018 Cybersecurity Ventures study puts the number at greater than 20 percent, a favorable trend.

Contributing to this growth are organizations including CompTIA and WiCyS, Women in CyberSecurity. CompTIA’s Advancing Women in Technology Community empowers women with resources and inspiration, and assists companies in creating a culture that supports a diverse workforce. WiCyS is a community of engagement, encouragement, and support for women in cybersecurity and is dedicated to the recruitment, retention, and advancement of women in cybersecurity. Additionally, partnerships such as Palo Alto Networks and Girl Scouts of America are educating K-12 about cybersecurity with training and recognition including a cybersecurity badge.

There is no shortage of examples of women’s success and role models within the channel: Dana Liedholm with ID Agent and Christine Gassman at Datto are major contributors to their respective organizations’ growth and success.

Following infosec professionals on Twitter will yield a wealth of knowledge and insights from a number of women including Amanda Rousseau (@malwareunicorn), Azeria (@Fox0x01), and Kyla Guru (@GuruDetective), each well respected with thousands of followers including high-profile industry players and manufacturers.

Theresa Payton, a former White House CIO, is a cybersecurity thought leader whom I recently had the privilege of hearing speak at an ASCII Summit in Seattle. Listening to Theresa share scenarios and observing how she deftly navigated personalities, process, and outcomes with grace in a ridiculously charged, high-profile environment was nothing short of brilliant.

Zero Trust Networks

The Zero Trust Architecture model was created in 2010 by John Kindervag, then a principal analyst at Forrester Research Inc. The strategy was pioneering in that instead of building defenses by the traditional means of blocking undesired or questionable activity, Zero Trust would only permit sanctioned or explicitly permitted activity.

Zero Trust assumed the network to be hostile, with external and internal threats always present. There would be no consideration for internal or external traffic (no trust or untrust zones) as all hosts and resources within the environment would be untrusted. With network locality an incomplete means of identifying trust, and BYOD, users, and access presenting infinite variables, every device, user, and access must be authenticated and authorized. “Verify Then Trust” becomes the mantra.

Concepts Of Zero Trust

  • all resources are accessed in a secure manner regardless of location
  • access control is on a need to know basis and strictly enforced
  • inspect and log all traffic
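
As an added illustration (not part of the original column), the following Python example contrasts a location-based access decision with a Zero Trust decision that applies the three concepts above. The roles, resources, addresses, and function names are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed "trusted" zone

# Constructed need-to-know policy: (role, resource) -> permitted actions.
# Anything not listed here is denied.
ALLOW = {
    ("finance", "payroll-db"): {"read"},
    ("it-admin", "payroll-db"): {"read", "backup"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    user_authenticated: bool  # identity verified for this session
    device_verified: bool     # device identity verified
    source_ip: str            # recorded in the log, never used to grant access
    resource: str
    action: str

AUDIT_LOG = []  # every decision, allow or deny, is recorded

def perimeter_decide(req):
    """Traditional model: trust is inferred from network location alone."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET

def zero_trust_decide(req):
    """Default deny: verify user and device, then check need to know."""
    if not req.user_authenticated:
        allowed, reason = False, "user not authenticated"
    elif not req.device_verified:
        allowed, reason = False, "device not verified"
    elif req.action in ALLOW.get((req.role, req.resource), set()):
        allowed, reason = True, "explicitly permitted"
    else:
        allowed, reason = False, "no allow rule (need to know)"
    AUDIT_LOG.append({"user": req.user, "src": req.source_ip,
                      "resource": req.resource, "action": req.action,
                      "allowed": allowed, "reason": reason})
    return allowed

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("mallory", "guest", False, False, "10.1.2.3", "payroll-db", "read"),
        Request("alice", "finance", True, True, "203.0.113.7", "payroll-db", "read"),
        Request("alice", "finance", True, True, "10.1.2.4", "payroll-db", "backup"),
    ]
    for r in samples:
        print(r.user, r.action, perimeter_decide(r), zero_trust_decide(r))
    print(len(AUDIT_LOG), "decisions logged")
```

The unauthenticated request from inside the network is accepted by the perimeter check and refused by the Zero Trust check, while the verified remote user is treated the opposite way.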

In 2018, the technologies required to create and maintain Zero Trust networks have moved to the forefront. The conversation around Zero Trust is extensive, and this is merely an introduction for those not already familiar with the model. Zero Trust Networks by Evan Gilman & Doug Barth is a great resource, and there is tremendous depth in additional resources available on the net by searching “zero trust resources.” While not my first choice for late night reading, Zero Trust is widely regarded in enterprise circles as the most effective framework for securing resources and I expect to see wider adoption in the channel in 2019.

Artificial Intelligence And Deep Learning

By now, unless you’re living in a cave, you have seen the terms AI, Artificial Intelligence, Machine Learning, and Deep Learning floating around as the latest buzz terms thrown about by marketing. Perhaps too much, though, as it has become challenging to find substance within the white noise.

It’s not all hype. While AI has been around for years, its successful deployment within cybersecurity presents the opportunity to collectively enhance our defenses while offsetting the talent shortage, both current and projected, in cybersecurity. There is of course risk, as the potential for bad actors to learn and trick the technology cannot be ruled out. However, with large enough data sets combined with deep learning this risk is reduced and currently the results are highly favorable.

Companies such as Deep Instinct, BlueVector, and Darktrace are leveraging varying levels of Artificial Intelligence and Deep Learning and offering cyber prevention and detection capabilities far exceeding traditional defense mechanisms. While there remains no silver bullet in cybersecurity, the potential of AI and Deep Learning combined with the real-world success these players are demonstrating is trending positively. With the stark reality being that humans simply can’t keep up with the threat malicious AI will present, an equally armed prevention strategy is imperative.

Threat Intelligence Sharing

In 2014 the Cyber Threat Alliance was founded. Originally an informal agreement between Fortinet, McAfee, Palo Alto Networks, and Symantec, the participants quickly realized the potential for greater good and began to consider how to expand the mission. In 2017 the Cyber Threat Alliance re-launched as an independent organization, aggregating and sharing advanced threat data with resources and a platform for sharing actionable, contextualized, and campaign-based intelligence.

The bigger picture became to better protect customers, thwart adversaries and, simply put, to improve the security of the digital ecosystem. Membership criteria were defined, and multiple levels of access created in order to expand the membership on a contribute-and-receive basis. Today the organization has grown to include additional members such as Cisco, Check Point, Juniper Networks, and Sophos. While the marketplace is competitive, collaboration at this level between the major players is an absolute benefit to all, and greatly improves our collective ability to defend users and environments.

MISP-Project, or MISP Threat Sharing, is a free and open-source threat sharing platform providing threat intelligence including indicators of compromise from targeted attacks, as well as vulnerability, threat, and financial fraud information. Additionally, DHS Automated Indicator Sharing is a free resource enabling the exchange of cyber threat indicators between the private sector and the government. These are three examples among many of collaboration defending the greater good.

About The Author

Rob Boles is a cybersecurity expert and privacy advocate. He created BLOKWORX in 2006 to further his passion for creating fast, reliable, and secure networks. From day one BLOKWORX focused on security, reliability, and positive user experience by understanding how things work, extensive research and testing, alignment with vendors, partners, and clients, and the experience of thousands of nodes managed and monitored, all supported by a mature delivery model built from years of operational experience.