Can virtual analyst level the playing field? — Chapter 5


Ed Amoroso

Mike Armistead

Let me ask you about threat. I’m sure people watching are familiar with the daily cadence that there is one pretty severe hack after the other. Usually, they are by capable actors, whereas it used to be a bunch of dopey actors… it’s not that anymore.

Back in the Fortify days, we used to say we can’t imagine a nation-state doing this. They should be risk-averse as they could start a war. These days, of course it’s a nation-state.

If it isn’t, then it’s someone who has almost gotten there and is just as good. Does your solution and offering allow companies to keep up, or get to the point where it can stop a nation-state? Is that an elusive goal? Is this a lost cause? A lot of incident response firms start with the premise that there’s nothing you can do, just give up and deal with the response. Sounds like you are trying to be more proactive.

What we’re trying to do is equip an organization so they can be proactive. There are a number of parts to that. The first part is you need to have your own level of sophistication to deal with it, because these sophisticated attacks are great at hiding, they’re multi-phased and doing different kinds of things. You need to look for the indicators of things going on, that won’t necessarily be about a specific way, but indicators of how they’ve gone about it.

For our virtual analyst, we’ve really taken the expertise that we have in our company – we have decades of building security operations and running them, doing incident response or forensic investigations – and we’ve dumped their expertise into our virtual analyst.

You get this depth of analysis that you can’t do, that’s what’s key to really doing this. Sometimes when you take a person, they’re thinking of three to five things, they might be distracted by other things.

But if you have software that can be very consistent, that can look at 52+ different ways or factors that can go into this decision and do it on every alert, all the time, 24 by 7 – you won’t have as much hiding that the sophisticated guys can get away with.

The other part to that is it really starts to free or liberate the people you do have to do those things that they’re really good at, which is a higher level of investigation, using their ingenuity and their creativity to think about how they can actually get proactive, not just reactive to these things happening. It’s kind of a double whammy – we don’t say buy the virtual analyst and you don’t need any other analysts. We’re not replacing anyone; we have a huge shortage of security professionals anyway. We’re just trying to give these teams the ability to get more capacity to do the basics, those fundamental things that can be done over and over again. We want to free people to do higher-order things, to really deal with situations rather than dealing with alerts.