Security Roundup: Optiv-Momentum, SafeBreach, T-Mobile Breach
The cybersecurity talent shortage is projected to hit 1.8 million jobs by 2022.
![Cybersecurity](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt952145336ed13e33/6524fb5a16f15a6d70171d87/Cybersecurity.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
The cybersecurity talent shortage is only going to get worse until there is a massive effort to train millions of new cybersecurity professionals.
In the meantime, Optiv Security and Momentum Cyber have published a white paper that discusses the five key trends and technologies that could dramatically reduce the impact of the skills shortage by creating much greater efficiency in enterprise security programs.
The talent shortage is projected to hit 1.8 million jobs by 2022.
Todd Weber, Optiv’s vice president of partner research and strategy, tells us that until “we start thinking of different ways to train people on a mass scale for cybersecurity, I don’t see that changing.”
“… How do we do things in elementary schools, to where we’re not trying to train up 1 million people, we’re training up 10 million people?” he said. “Get them exposed to cybersecurity at a very early age and then build that as part of the educational system.”
Worsening the problem is the increasing number of new security tools along with the proliferation of new cybersecurity companies, he said.
Optiv and Momentum identified the following trends and technologies to tackle the problem:
Machine learning: By strategically applying machine learning to areas where it will save time and improve effectiveness, enterprises can eliminate wasteful triage processes that rely on analysts sifting through piles of data and alerts to find actual threats. Machine learning also provides organizations with intelligence to streamline workload and workflow processes.
Platform consolidation: Several security vendors have been building out security platforms through technology acquisition and new feature development. These integrated platforms provide interconnected functionality that allows consolidated management, which is more efficient than managing disparate point tools.
Security integration: By integrating tools, organizations can dramatically speed up detection and response. For example, if an endpoint tool detects an infected laptop, it can trigger changes to firewalls to block the malware from communicating with its command-and-control host. However, while most tools have APIs for integration, they often are limited, so security pros should factor API quality into their buying decisions when procuring security tools.
Automation and orchestration: Security automation and orchestration accelerate the movement of data between tools for the purposes of threat prioritization, response amplification, labor reduction and consistent workflow.
Continuous security validation: Once these integration, consolidation and automation strategies are in place, enterprises must have systems to test that their security controls are properly configured over the course of time, even as network changes are made. Continuous security validation tools automate and speed the process of identifying misconfigured security tools and network devices.
“One or two of these five can make a large impact, it kind of depends on people’s maturity model and how much they’re willing to invest into those efficiencies,” Weber said. “Some of them are hard to avoid these days. Name a tool you can buy that doesn’t say machine learning or artificial intelligence (AI) on it somewhere? But that’s not really the question. What people should be asking is not does it have ML, but what kinds of things can I do with it? How do I get outcomes out of this – meaning I’m looking at these large data sets – how do I get pattern recognition from these that I wouldn’t normally get as a human being? What sorts of outcomes can I pull from this?”
Partners can help organizations deal with the talent shortage in multiple ways, Weber said.
“We’ve already built many of these things and we’ve already done many of these things, and taken the trial and error component out of the mix, as well as how all these systems can be orchestrated,” he said. “Not all APIs are created equal. The amount and quality of the data you can pull or push differs tremendously, and the documentation of what you can do within those APIs varies incredibly. Customers trying to do that on a trial-and-error basis all by themselves can take a tremendous amount of time, and the whole crux of this is you’re trying to save time.”
The channel can “backfill” the shortage and then help an organization strategize on outsourcing large portions of its cybersecurity operations to larger companies that are fully staffed, “especially toward the SMB space, which traditionally had one or two people for security,” Weber said.
“How are they supposed to watch 24/7/365?” he said. “There [are] some things they can do to keep that, but it’s wholly inefficient to try to keep that level of rigor on their systems over a forever time period with one or two resources. So how can channel partners help through managed services?”
SafeBreach Rolls Out New Platform Upgrade
SafeBreach has unveiled a new platform upgrade that extends security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation.
Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across each stage of a malware attack. Guy Bejerano, SafeBreach’s CEO and co-founder, tells us the updates open up new opportunities for his company’s partners.
“For example, with enhancements such as email and ransomware file-encryption simulations, our partners can now work with enterprise security teams to validate their email and behavioral-based endpoint security controls,” he said. “Our board-level risk metrics enable them to have strategic discussions with CISOs. And finally, our integration with Demisto’s automation and orchestration platform enables partners to offer the complete breach and attack simulation workflow — simulation, prioritization and remediation.”
Cyber Watch Systems, a Texas-based partner that provides security services, has established BreachWatch, an offering based on the SafeBreach platform, Bejerano said.
“We closed an opportunity within 25 days of launching this service,” Bejerano said. “There is a huge need by security teams today to proactively identify where they are protected and where they are not. Our platform approach and continued innovation such as with this product release deliver a huge advantage for all our partners.”
T-Mobile Data Breach a Lesson in Data Stewardship
Last week, T-Mobile announced a data breach that may have compromised the personal information of about 2 million customers. The company said no financial data, credit card information, social security numbers or passwords were involved in the breach, but hackers may have obtained metadata such as customers’ names, billing zip codes, phone numbers, email addresses, account numbers and account types.
Ankur Laroia, Alfresco Software