RSA Roundup Day 3: VMware Carbon Black Cybercrime Outlook, Secureworks

Many organizations said IT and security have a negative relationship.

Edward Gately, Senior News Editor

February 26, 2020

5 Min Read
Hooded mass of unknown faceless computer hacker and cyber criminals with a world map of internet usage and binary code
Getty Images

Day three of this week’s massive RSA Conference 2020 in San Francisco brought the release of VMware Carbon Black’s 2020 Cybersecurity Outlook and Secureworks’ new cloud configuration assessment.

The report uncovers the top attack tactics, techniques and procedures seen over the last year. VMware Carbon Black also collaborated with Forrester Consulting on a survey of more than 600 IT/security managers and above, including CIOs and CISOs.

Among the top findings:

  • Attacker behavior continues to become more evasive, a clear sign that attackers are increasingly attempting to circumvent legacy security solutions. Defense evasion behavior was seen in more than 90% of the 2,000 attack samples analyzed.

  • Defense evasion behaviors continue to play a key role with ransomware. These ransomware attacks are heavily targeting organizations in energy, government and manufacturing sectors.

  • Wipers (attacks that can overwrite data and clear hard drives) continue to trend upward as adversaries (including Iran) began to realize the utility of purely destructive attacks.

  • IT and security teams appear to be aligned on goals — preventing breaches, efficiency and incident resolution — but more than 77% of survey respondents said IT and security have a negative relationship.

  • Fifty-five percent of respondents said driving collaboration across IT and security teams should be the organization’s top priority over the next 12 months.

  • More than 5% of respondents said both security and IT will share responsibility for key areas like endpoint security, security architecture and identity/access management over the next three to five years.

Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, tells us the high number of respondents claiming that IT and security have a negative relationship within their organization is both surprising and concerning.

Kellermann-Tom_VMware-Carbon-Black.jpg

VMware Carbon Black’s Tom Kellermann

“This shows that despite vastly increased awareness around cybersecurity and the continued conversation around increased collaboration, there is still a lot of work to be done,” he said. “Security should be a team sport; however oftentimes it can feel like the two sides are at odds, given the constant evolution of the attacker and the large number of IT footprints that attackers can target. It’s common to find that some organizations have misaligned priorities between IT and security teams (often driven by process and organizational challenges including discrepancies among reporting structures, budgets, processes or skill sets), and for things to function like a well-oiled machine the right hand needs to be talking to the left.”

This issue is further magnified by the C-suite’s perception of IT and security staffing, as only 31% of C-suite respondents said their IT and security teams are understaffed, while 61% of VP-and-below respondents said these teams are understaffed, Kellermann said.

“This 30-point delta suggests that the C-suite may be out of touch with the day-to-day IT and security resourcing needs for the organization,” he said. “In light of the security talent shortage, organizations must play as a team to best defend against cyberattacks. Executing a consolidated IT management and security strategy will help break down silos and empower respective teams to tackle security.”

The ability to drive collaboration and share decision making are key functions security and IT teams need to master in order to work cohesively to defend against new attacker behaviors, Kellermann said.

“As hackers continue to evolve, IT teams need to …

… look toward security solutions that are built in and not bolted on,” he said. “Now is the time for security to become intrinsic to how we build, deploy and maintain technology. IT and security professionals alike are optimistic that shared responsibility will become the norm and, perhaps, drive better alignment across many critical areas of the business.”

Also at RSA, Secureworks announced the launch of its new cloud configuration assessment. Based on VMware Secure State, Cloud Configuration Review addresses pervasive security challenges in public cloud adoption, including the exposure of critical assets due to the misconfiguration of security options and insider mistakes.

Travis Callahan, Secureworks’ senior director of product management, tells us there will be opportunities for partners in the near future when his company includes Cloud Configuration Review as part of its menu of proactive services available via its incident response retainer.

Callahan-Travis_Secureworks.jpg

Secureworks’ Travis Callahan

“There are two key competitive advantages that Cloud Configuration Review gives Secureworks and partners,” he said. “It offers real-time visibility to look not only into each individual cloud environment, like they would traditionally, but across their multicloud assets as to have an overview of misconfigurations. It provides the consultancy expertise and experience to make sure those misconfigurations are prioritized according to each customer’s security context, and also that the customer has an understanding on what are the priorities and what are his next steps in remediating those misconfigurations.”

VMware Secure State protects millions of cloud resources across AWS and Azure clouds, and enables security teams to get real-time visibility, improve speed and sophistication of vulnerability detection and correlate security risk across cloud infrastructure. Delivered as a service, it facilitates collaboration between security, operations and engineering teams for reducing the risk of security breaches.

“While we do already have a managed services relationship [with VMware], this is the first collaborative effort … to bring a product to market,” Callahan said. “We look forward to future opportunities from this extended security relationship between VMware and Secureworks.”

“The security industry is facing an acute shortage of talented engineers that can tackle security challenges associated with modern applications and cloud technologies,” said Jason Needham, VMware‘s senior director of cloud security. “As companies continue to increase their cloud footprint, skills shortages and lack of tooling create a profound security risk for companies delivering mission-critical applications in the cloud. This pairing of SecureWorks’ human intelligence with the VMware Secure State service can help address this gap for our mutual customers.”

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like