2019 Security Predictions: Real or Bogus? Respond Experts Weigh In

Where is cybersecurity heading and what should security teams focus on in 2019?

We thought it would be helpful to examine the most common cybersecurity predictions for 2019. Business press, trade publications and of course vendors had a lot to say about emerging technology trends, but what predictions or trends will matter most? More importantly, how can security teams and CISOs turn these predictions into advantages for their business?

I sat down with Chris Calvert, an industry expert who often says, “If you have a problem with how today’s SOCs work, it’s partially my fault and I’m working to solve that issue!” With over 30 years of experience in information security, Chris has worked for the NSA and the DOD Joint Staff and has held leadership positions in both large and small companies, including IBM and Hewlett Packard Enterprise. He has designed, built and managed security operations centers and incident response teams for eight of the global Fortune 50.

During our conversation, we discuss questions like:

  • Will we see an increase in crime, espionage and sabotage by rogue nation-states?
  • How will malware sophistication change how we protect our networks?
  • Will utilities become a primary target for ransomware attacks?
  • A new type of fileless malware will emerge, but what is it? (think worms)
  • And finally, will cybersecurity vendors deliver on the true promise of A.I.?

You can listen to his expert thoughts and opinions on the podcast here!

Want to be better prepared for 2019?
The Respond Analyst is trained as an expert cybersecurity analyst that combines human reasoning with machine power to make complex decisions, with 100% consistency. As an automated cybersecurity analyst, the Respond Analyst processes millions of alerts as they stream, allowing your team to focus on higher-priority tasks like threat hunting and/or incident response.

Here’s some other useful information:

SecurityGeek Travel Guide: Pack your bags for these exciting cybersecurity events

Happy New Year Respond Software fans!

After hiking the Andes Mountains and exploring the coastal cities of Ecuador over the holidays, I’m ready to re-enter the virtual world with the rest of my cybersecurity enthusiasts.

During my travels, I soon realized I hadn’t been this disconnected in quite a while. No cell service, limited wifi and overall no connection with the outside world. However, just because I was disconnected, doesn’t mean I could stop worrying about potential cyber threats.

Because in reality, I am always at risk.

My mobile phone and banking cards transmit and store my personal information, which I value more than the contents of my backpack. My phone could be vulnerable to malware if I connect with local networks, my bank card could be susceptible to illegal card skimmers or I could stumble across a corrupt website and download a malicious virus.

Then it hit me: our best cybersecurity defense is ourselves, which is why I always attend a variety of events throughout the year to stay up-to-date on the latest security trends and threats.

Now that I’m back from my travels, there are a number of events I’ll be checking out in February.

I’ve compiled a list of events that are relevant to all levels of security professionals. Whether you are a CISO, a security practitioner looking for best practices to help with your day-to-day, or a recent graduate trying to get a foot in the cybersecurity door, these events provide something for everyone.
Feeling adventurous? Want to travel? Below is a list of events from all over the world:
CPX 360

CPX 360 is a premier cyber security summit. Attendees will receive up-to-the-minute intelligence about global threats and other vital topics from the world’s leading cyber security experts. In addition, attendees will be able to get hands-on with cutting-edge security solutions from Check Point, network with their peers, and celebrate with the world’s cyber security elite.

QuBit

QuBit brings together senior-level experts, decision makers and technical geeks in order to see the bigger picture and understand security issues from both sides of the fight. Attendees will learn about the latest trends and threats in the cybersecurity field and stay one step ahead of attackers. The event will have a number of highly educational presentations, visionary keynote speeches and technical case studies.

CyberSec Leaders’ Foresight

The CyberSec Leaders’ Foresight is an exclusive, high-level meeting that aims to discuss the activities to enhance European cybersecurity preparedness and foster a competitive IT industry.

If you are looking to network and talk with other security practitioners, check out the events below:

FUEL Spark Summit (Palo Alto Networks User Group)

FUEL Chapter Events (Palo Alto Networks User Group)

FUEL chapter events are local meetups where you’ll keep up with the latest in cybersecurity knowledge and technology. Connect in person with peers and experts to share experiences, advance your knowledge, and make allies in the field of cybersecurity.

DataConnectors

The DataConnectors Cyber Security Conferences feature 40-60 vendor exhibits and 8-12 educational speaker sessions discussing current cybersecurity issues such as cloud security, email security, VoIP, LAN security, wireless security & more.

My favorite part about these events: they’re free to attend!

SecurIT

SecurIT’s one-day event series creates conversations and networking opportunities to address today’s security and risk challenges. At SecurIT, IT and security executives will discuss holistic and strategic approaches to manage the varied challenges around security and risk.

Need to brush up on new cybersecurity trends or acquire a new certification? The FutureCon and SANS events can help with that:

FutureCon

FutureCon Events brings high-level Cyber Security Training: discovering cutting-edge security approaches and managing risk in the ever-changing threat of the cybersecurity workforce. Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, interact with the world’s security leaders and explore other pressing topics of interest to the information security community.

SANS

SANS cybersecurity events incorporate real-world examples and practical techniques you can apply directly to your work. Each event allows attendees to choose from 25+ information security courses taught by leading industry experts.

If you are looking to chat with one of our SMEs or industry experts at Respond Software, take a look at our events calendar to see what shows we will be attending!

Stay tuned for next month as we will release a detailed list of the upcoming events for March.

The Science of Detection Part 2: The Role of Integrated Reasoning in Security Analysis Software

Today’s blog is part two in my science of detection series, and we’ll look at how integrated reasoning in security analysis software leads to better decisions. Be sure to check back in the coming weeks to see the next blogs in our series. In part three, I’ll be taking an in-depth look at the signal quality of detectors, such as signatures, anomalies, behaviors, and logs.

If you’ve been reading our blogs lately, you’ve seen the term “integrated reasoning” used before, so it’s time to give you a deeper explanation of what it means. Integrated reasoning combines multiple sensors and sensor types for analysis and better detection. Before making a security decision, you must take into account a large number of different factors simultaneously.

What Is Integrated Reasoning?

Interestingly, when we started using the term, Julie from our marketing team Googled it and pointed out that it was the name of a new test section introduced in the Graduate Management Admission Test (GMAT) in 2012. What the GMAT section is designed to test in potential MBA candidates is exactly what we mean when we refer to integrated reasoning. It consists of the following skills:

  • Two-part analysis: The ability to identify multiple answers as most correct.
  • Multi-source reasoning: The ability to reason from multiple sources and types of information.
  • Graphic interpretation: The ability to interpret statistical distributions and other graphical information.
  • Table analysis: The ability to interpret tabular information such as patterns or historical data and to understand how useful distinct information is to a given decision.

All of these skills provide a combination of perspectives that allow you to reason and reach a well-thought-out and accurate conclusion. The reason we evaluate potential MBA candidates against this standard is the same reason we would design to it for security analysis software, or if you will, a “virtual” security analyst.

What is an MBA graduate but a decision maker? Fortunately, we are training our future business leaders on integrated reasoning skills, but when the number of factors to be considered increases, humans get worse at making decisions — especially when they need to be made rapidly. Whether from lack of attention, lack of time, bias or a myriad of other reasons, people don’t make rational decisions most of the time.

However, when you’re reasoning and using all of the available information in a systematic manner, you have a much greater chance of identifying the best answer. To put this within a security analysis frame of reference, let’s consider some of the information available to us to make effective security decisions.

What Information Should We Consider?

The most effective security analysis software uses anything that is observable within the environment and reduces the uncertainty about whether any one event should be investigated.

To achieve integrated reasoning, the software should utilize a combination of detectors, including:

  • Signature-based alerts
  • Detection analytics
  • Behaviors
  • Patterns
  • History
  • Threat intelligence
  • Additional contextual information

In order to make the right decisions, security analysis software should take into account three important factors: sensors, perspective and context. When you combine different forms of security telemetry, like network security sensors and host-based sensors, you have a greater chance of detecting maliciousness. Then, if you deliberately overlap that diverse suite of sensors, you now have a form of logical triangulation. Then add context, and you can understand the importance of each alert. Boom, a good decision!

Like our theoretical MBA candidate, security analysts have to hold hundreds of relevant factors in their minds simultaneously and are charged with making a number of critical decisions every hour. A tall order for a mere mortal, indeed.

Imagine this: A user receives a phishing email, clicks on the link a week later and is infected by malware. The system anti-virus reports “cleaned” but only found 1 of 4 pieces of malware installed. The remaining malware communicates to a command-and-control server and is used as an internal waypoint for lateral exploration very low and slow. This generates thousands of events over a period of weeks or months, but all of them have varying levels of fidelity. More likely, this is the backstory that an incident responder would eventually assemble potentially months — or years — after the fact to explain a breach.
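The combination of sensors, perspective and context described above can be sketched in a few lines. This is an added example, not the Respond Analyst's algorithm or code from the original post: it replays the phishing scenario as constructed events and combines them with a noisy-OR, which assumes the sensor types are independent. Host names, detector names, fidelity values, criticality weights and the threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry):
# (timestamp, host, sensor type, detector, fidelity in 0..1)
EVENTS = [
    ("2019-01-02T09:14", "ws-042", "email",   "phishing-url-in-mail",     0.30),
    ("2019-01-09T10:02", "ws-042", "network", "proxy-uncategorized-site", 0.20),
    ("2019-01-09T10:05", "ws-042", "host",    "av-malware-cleaned",       0.40),
    ("2019-01-10T03:30", "ws-042", "network", "periodic-beacon-anomaly",  0.50),
    ("2019-01-21T02:11", "ws-042", "network", "internal-port-sweep",      0.30),
] + [
    # One noisy signature firing 50 times on another host.
    (f"2019-01-15T12:{m:02d}", "kiosk-07", "network", "ids-generic-sig", 0.50)
    for m in range(50)
]

# Constructed asset context: business criticality of each host (0..1).
CONTEXT = {"ws-042": 0.9, "kiosk-07": 0.5}


def triage(events, context, window=timedelta(days=30), threshold=0.6):
    """Return {host: (score, sensor_types, escalate)}."""
    by_host = defaultdict(list)
    for ts, host, sensor, _detector, fidelity in events:
        by_host[host].append((datetime.fromisoformat(ts), sensor, fidelity))

    results = {}
    for host, rows in by_host.items():
        latest = max(ts for ts, _, _ in rows)
        # Perspective: keep only the strongest signal per sensor type inside
        # the window, so repeats from one sensor do not accumulate.
        best = {}
        for ts, sensor, fidelity in rows:
            if latest - ts <= window:
                best[sensor] = max(best.get(sensor, 0.0), fidelity)
        # Triangulation: noisy-OR across sensor types (assumes independence).
        miss = 1.0
        for fidelity in best.values():
            miss *= 1.0 - fidelity
        # Context: weight by asset criticality (unknown hosts default to 0.5).
        score = round((1.0 - miss) * context.get(host, 0.5), 3)
        results[host] = (score, sorted(best), score >= threshold)
    return results


if __name__ == "__main__":
    for host, (score, sensors, escalate) in triage(EVENTS, CONTEXT).items():
        print(host, score, sensors, "ESCALATE" if escalate else "hold")
```

No single event on ws-042 is strong enough to escalate on its own, but three overlapping sensor types on a critical asset are; fifty repeats of one signature on kiosk-07 are not.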

Integrated Reasoning is a must for making sound decisions when it comes to deciding which security alerts to escalate for further examination. But with the amount of incoming data increasing by the minute, security teams are having a hard time keeping up. Your best bet is to choose security analysis software, like the Respond Analyst, that has built-in integrated reasoning capabilities to help with decision-making, so teams can focus on highly likely security incidents.

Curious to see how the Respond Analyst’s integrated reasoning capabilities can help your security team make better decisions? Request a demo today.

Neither SIEM nor SOAR–Can Security Decisions be Automated? Patrick Gray and Mike Armistead Discuss

We’ve asked the question before, but we’ll ask it again: how much time does your security team spend staring at monitors? How about investigating false-positives escalated from an MSSP? More importantly, how are small security teams expected to cope with the growing amount of security data?

The world of security operations is changing. Extra processing power, combined with faster mathematical computations, means security monitoring and event triage can now be performed at machine scale and speed. With new innovations that leverage decision automation, security organizations can analyze incidents more efficiently than ever before. Security teams no longer have to tune down or ignore low-signal events. Instead, technologies can now recognize patterns to identify malicious attacks that may have otherwise been overlooked.

So how will these new technologies impact security operations moving forward?
Mike Armistead, Respond Software CEO, recently sat down with Patrick Gray, from Risky Business, to discuss the state of information security today. In the 30-minute podcast, Mike and Patrick shed light on the future of security operations, discussing the limitations of traditional security monitoring/analysis techniques and the power of new technologies, like decision automation, to change security forever.

During this podcast you’ll learn to:

  • Identify the biggest mistakes security teams make today and how to avoid them.
  • Manage the onslaught of data.
  • Increase your team’s capacity.
  • Stop wasting time chasing false-positives.

Listen to the full podcast, here!

Learn more about what the Respond Analyst can do for you!

Must-Attend December 2018 Information Security Events & Webinars

Security Geek is back with the top recommendations for upcoming cybersecurity events in December! I picked these events and conferences because they provide a wealth of information, knowledge, and learning materials to help your security team improve its efficiency and effectiveness in defending your environment.

Here are the top shows to attend:

DataConnectors: December 5, 2018 | Dallas, TX

DataConnectors: December 6, 2018 | Washington, D.C.

DataConnectors: December 12, 2018 | Chicago, IL

DataConnectors: December 13, 2018 | Fort Lauderdale, FL

The Dallas, D.C., Chicago & Fort Lauderdale Cyber Security Conferences feature 40-60 vendor exhibits and 8-12 educational speaker sessions discussing current cybersecurity issues such as cloud security, email security, VoIP, LAN security, wireless security & more. Meet with industry veterans and learn about emerging cybersecurity technologies.

My favorite part about the DataConnectors events – they’re free!

Cloud Security Conference: December 10-12, 2018 | Orlando, FL
The Cloud Security Alliance event welcomes world-leading security experts and cloud providers to discuss global governance, the latest trends in technology, the threat landscape, security innovations and best practices in order to help organizations address the new frontiers in cloud security.

IANS: December 12, 2018 | Webinar

In this webinar, IANS Research Director Bill Brenner and IANS Faculty Member Dave Shackleford look back at the biggest security news trends of 2018, what made them significant and what it all could mean for the year ahead.

Carbon Black: December 19, 2018 | Webinar

Learn how CB Defense, a real-time security operations solution, enables organizations to ask questions on all endpoints and take action to remediate attacks in real-time.

To stay up-to-date on where the Respond Software team is heading, check out our events calendar! The subject matter experts and industry professionals at Respond are always in attendance and ready to share their knowledge and expertise!

November Information Security Events You Don’t Want to Miss

Your favorite Security Geek is back with some great news – a list of upcoming cybersecurity shows and conferences you need to be aware of during the month of November!

There are numerous information security events happening on a monthly basis, and sometimes it can be difficult to work out which ones provide value and which shows are a waste of time. This is where we can help you out.

We’ve outlined a few of the top shows you should be looking at below!

FS-ISAC Summit: Nov 11-14 | Chicago, IL

Are you in the financial services industry? Well, then this is the show for you!

As Partners in the Information Security community, we have all been challenged in 2018 with the onslaught of DDoS and phishing campaigns with payloads that have included credential stealing malware, destructive malware and ransomware. These challenges are expanding the responsibilities placed upon us as security professionals and requiring us to ensure we are following best practices.

The FS-ISAC conferences provide information and best practices on how cybersecurity teams in banking and financial institutions can help protect their networks.

DataConnectors: Nov 15, 2018 | Nashville, TN
DataConnectors: Nov 29, 2018 | Phoenix, AZ

The Nashville and Phoenix Cyber Security Conferences feature 40-60 vendor exhibits and 8-12 educational speaker sessions discussing current cyber-security issues such as cloud security, email security, VoIP, LAN security, wireless security & more.

The best part of the DataConnectors events – they’re free! Meet with industry veterans and learn about emerging cybersecurity technologies.

Cyber Security & Cloud Expo 2018: Nov 28 – 29, 2018 | Santa Clara, Ca

The Cyber Security & Cloud Expo North America 2018 will host two days of top-level discussion around cybersecurity and cloud, and the impact they are having on industries including government, energy, financial services, healthcare and more. Chris Calvert, Co-Founder and VP of Product Strategy at Respond Software, will discuss the current state of security operations and emerging trends that are changing how teams operate.

Cyber Security Summit: November 29, 2018 | Los Angeles, CA

The annual Cyber Security Summit: Los Angeles connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security expertise.

Each one of these conferences provides a wealth of information, knowledge and learning material to help your security team improve its efficiency and effectiveness in cyber threat hunting. To stay up-to-date on where the Respond Software team is heading, check out our events calendar! The subject matter experts and industry professionals at Respond are always in attendance and ready to share their expertise!

Cybersecurity is Complicated, Here’s a Little Help

If you’re like me, continuously listening to webinars & podcasts to broaden your knowledge of the security industry, emerging trends, and new threats – you’re always looking for reliable, thought-provoking sources to learn and educate yourself.

I guess you could call me a “Security Geek”!

I have always found podcasts to be a phenomenal resource to learn about industry trends and products or services that are revolutionizing how teams operate. Not only do you get a chance to listen to subject matter experts and thought-leaders talk about their industry knowledge, but also learn about an application’s benefits and value it brings to solve everyday challenges.

The best part: they are free learning sessions from industry experts on new trends and applications you and your team can utilize!

Below are the top 4 podcast channels I frequently visit each week to stay updated on the cybersecurity industry, trends and useful advice – including our new Respond Software podcast.

  1. The Risky Business podcast, hosted by award-winning journalist Patrick Gray, features news and in-depth commentary from security industry luminaries. Risky Biz is a phenomenal source to stay updated on the latest cybersecurity news and trends on a weekly basis.
  2. The Unsupervised Learning Podcast series, hosted by cybersecurity professional Daniel Miessler, discusses current cybersecurity news and emerging technologies, and provides opinions and advice on the latest trends in security.
  3. The Defensive Security podcast, hosted by Jerry Bell and Andrew Kalat, provides a fun take on recent security news. One of the intriguing aspects of their podcast is that they offer feedback and advice for businesses on what they can apply to keep their networks secure. Their perspective and input on best practices are fascinating.
  4. The Respond Software podcast series covers a wide range of topics and issues – providing a fantastic way to learn about emerging threats and trends, challenges in security operations and opinions from industry experts. One of the primary focuses of the Respond Software Podcast series is the role of humans and technology in the cybersecurity space. The series also features prominent industry leaders like Raffy Marty, VP of Corporate Strategy at Forcepoint. In a recent podcast, Raffy discusses cybersecurity challenges that exist today, what technologies can help improve existing processes and how cybersecurity has changed over the years.

By listening to these podcasts, I have learned a tremendous amount about the cybersecurity industry, trends, threats and new technology that revolutionizes how teams operate.

If you’re waiting for our next podcast to be released and want to learn more about the cybersecurity industry and discover how Respond Analyst can help your team – register for our upcoming webinar on the new Respond Analyst Web Filter Module on November 7th! You will learn how real-time analysis and triage of web filter data, during network and endpoint analysis, gives security teams an edge in reducing response times and limiting the impact of some of the most stealthy attacks!
