
Blurred lines: When cyber attacks resemble everyday occurrences

One of the biggest challenges for enterprises today is the increasing frequency and sophistication of cyber attacks

Supriya Rai
Jeetu Patel, EVP and GM, Cisco Security and Collaboration

The cybersecurity landscape has changed markedly in the past few years. Growing reliance on digital technology and the spread of the Internet of Things (IoT) have made cyber threats more sophisticated and complex, and cloud computing, artificial intelligence and machine learning have added further layers of complexity. More recent trends such as work from home and ChatGPT have complicated the picture further.


One of the biggest challenges for enterprises today is the increasing frequency and sophistication of cyber attacks. Attackers are becoming more adept at bypassing traditional security controls, and attacks increasingly resemble normal activity, which makes them hard to detect. With the rise of remote work and the use of personal devices for work, enterprises also face new challenges in securing their networks and data. Against this backdrop, Jeetu Patel, EVP and GM, Cisco Security and Collaboration, spoke to Dataquest on the sidelines of Cisco's RSA 2023 event in San Francisco.

DQ: How has the cybersecurity landscape changed in the past few years and what new challenges are emerging for enterprises in terms of cybersecurity?

Jeetu Patel: The threat actors are getting pretty sophisticated. Earlier it used to be just hackers, and now we have cyber syndicates in the nation-states that are carrying out cyber attacks. If you look at the typical anatomy of an attack, when hackers need to get valuable data, they don’t go directly to the targeted destination but instead move across domains so that they can eventually get to the target destination. If you look at the MITRE ATT&CK framework, the malware spins up a process on your endpoint, and then that process allows you to spread that malware from one place to the other by actually traversing that malware through the network. And that’s how lateral movement happens.


These attacks are starting to get to be indistinguishable from normal activity, and events that might occur on a day-to-day basis. It’s very hard to identify what is a normal activity and what’s actually an attack. The distinction is getting harder and harder to depict when you actually have these isolated sets of defenses. So, what we need to do is to look at this in a very nuanced way where the differences are very subtle, but they only happen as a result of correlation of data sets. In addition to this, this is an era where you can’t deal with security threats at a human scale anymore, but have to deal with them at a machine scale, and if you’re dealing with a machine scale, you need to have telemetry that’s native by the data source.

The threat landscape is complex and evolving. Detection without response is insufficient, while response without detection is impossible. To address this, Cisco has announced its new Cisco Security Cloud, a unified, AI-driven, cross-domain security platform. Cisco’s new XDR solution and the release of advanced features for Duo MFA will help organizations better protect the integrity of their entire IT ecosystem.

Cisco’s XDR strategy converges its deep expertise and visibility across the network and endpoints into one turnkey, risk-based solution. Cisco XDR simplifies investigating incidents and enables security operations centers (SOCs) to immediately remediate threats. The cloud-first solution applies analytics to prioritize detections and moves the focus from endless investigations to remediating the highest priority incidents with evidence-backed automation. With Cisco XDR, security operations teams can respond and remediate threats before they have a chance to cause significant damage.


DQ: What should the approach be for developing a comprehensive cybersecurity strategy for an enterprise? How should they balance risk mitigation with business agility?

Jeetu Patel: Companies have faced cybersecurity challenges in the past, and as we discussed earlier, the solutions have been implemented on a patchwork basis. However, it is becoming increasingly evident that a platform approach is necessary to address the evolving threat landscape. In all likelihood, there will only be a few platforms that dominate the market. 

Currently, we have a comprehensive set of domains that we receive telemetry from, including email, web with DNS, endpoint with hundreds of millions of users, and network packets. The move to a platform approach will be driven by AI and ML, as end-to-end security and encryption become more prominent. The challenge lies in distinguishing between malicious and normal activity, which is increasingly difficult with the growth of channels such as ChatGPT. However, by analyzing patterns of anomaly across multiple datasets, rather than looking at each dataset in isolation, we can infer the presence of malicious activity more accurately. The urgency of this issue is growing, and the time is right for a platform-based approach.
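The correlation Patel describes in both answers above (a process spawned on an endpoint, lookups and connections that each look ordinary on their own, and a verdict that only emerges when the datasets are read together rather than in isolation) can be made concrete. The following Python is an added example written for this page, not Cisco code or anything from the interview: it scores three weak indicators drawn from endpoint, DNS and network-flow telemetry per host and alerts only when they co-occur inside a time window. The events, host names, domain allowlist, indicator rules and threshold are all constructed for illustration.

```python
"""Cross-domain correlation over constructed telemetry (added example, not Cisco code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry. Each tuple is (timestamp, source, host, details).
# Taken one at a time, every event here is something a user could cause on a normal day.
EVENTS = [
    ("2023-04-24T09:00:05", "endpoint", "ws-17", {"parent": "winword.exe", "proc": "powershell.exe"}),
    ("2023-04-24T09:00:09", "dns",      "ws-17", {"qname": "cdn-update-7731.example"}),
    ("2023-04-24T09:00:20", "netflow",  "ws-17", {"dst": "10.0.5.11", "dport": 445}),
    ("2023-04-24T09:00:41", "netflow",  "ws-17", {"dst": "10.0.5.12", "dport": 445}),
    ("2023-04-24T09:01:03", "netflow",  "ws-17", {"dst": "10.0.5.13", "dport": 445}),
    # ws-22: ordinary browsing plus one file-share connection.
    ("2023-04-24T09:02:00", "endpoint", "ws-22", {"parent": "explorer.exe", "proc": "chrome.exe"}),
    ("2023-04-24T09:02:01", "dns",      "ws-22", {"qname": "www.example.com"}),
    ("2023-04-24T09:02:05", "netflow",  "ws-22", {"dst": "10.0.5.11", "dport": 445}),
    # ws-31: an office macro that launches PowerShell, but nothing follows it.
    ("2023-04-24T09:30:00", "endpoint", "ws-31", {"parent": "winword.exe", "proc": "powershell.exe"}),
    ("2023-04-24T09:30:02", "dns",      "ws-31", {"qname": "www.example.com"}),
]

# Hypothetical rule parameters; a real deployment would derive these from baselines.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}
KNOWN_DOMAINS = {"www.example.com", "intranet.corp.example"}  # constructed allowlist
WINDOW = timedelta(minutes=10)
THRESHOLD = 3  # every indicator is worth 1, so all three must line up on one host


def indicators(host_events, window=WINDOW):
    """Evaluate one host's time-sorted events that fall within `window` of its first event.

    Returns the list of weak indicators that fired. Each one alone is a common,
    benign-looking occurrence; the combination is what suggests lateral movement.
    """
    start = host_events[0][0]
    evs = [e for e in host_events if e[0] - start <= window]
    reasons = []
    # 1. endpoint telemetry: an office application spawning a shell or script host
    if any(src == "endpoint" and d["parent"] in OFFICE_APPS and d["proc"] in SHELLS
           for _, src, d in evs):
        reasons.append("office app spawned a shell")
    # 2. DNS telemetry: a query for a domain the organisation has not seen before
    if any(src == "dns" and d["qname"] not in KNOWN_DOMAINS for _, src, d in evs):
        reasons.append("dns query to unknown domain")
    # 3. network telemetry: SMB fan-out to several internal hosts (lateral movement shape)
    smb_dsts = {d["dst"] for _, src, d in evs if src == "netflow" and d["dport"] == 445}
    if len(smb_dsts) >= 3:
        reasons.append(f"smb fan-out to {len(smb_dsts)} hosts")
    return reasons


def correlate(events, threshold=THRESHOLD):
    """Group raw events by host, score them jointly and decide per host whether to alert."""
    by_host = defaultdict(list)
    for ts, src, host, d in events:
        by_host[host].append((datetime.fromisoformat(ts), src, d))
    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e[0])
        reasons = indicators(evs)
        findings[host] = {"score": len(reasons), "reasons": reasons,
                          "alert": len(reasons) >= threshold}
    return findings


if __name__ == "__main__":
    for host, result in correlate(EVENTS).items():
        print(host, result)
```

Run stand-alone, the block prints one line per host; only ws-17 reaches the threshold, while ws-31 (a macro launching PowerShell with no follow-on activity) scores 1 and ws-22 scores 0. A detector that saw only endpoint, only DNS or only flow data would have scored each of ws-17's signals at 1 and stayed silent, which is the point made above about isolated defenses. A production pipeline would add a sliding window, per-host baselines and richer labels, but the correlation step itself is the same.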


DQ: What are some of the most important components of an effective cybersecurity program for enterprises, and can one prioritize these components based on the organization's specific needs and risk profile?

Jeetu Patel: Building a highly secure system can actually create the most insecure system, as it can be extremely difficult for end-users to use. They may either make errors because of the complexity of the system or bypass it altogether, putting the organization's IP at risk. Therefore, it's crucial to focus on user experience to ensure effective security.

The second important factor is efficacy, which relies on the data obtained. Thirdly, we're seeing a significant amount of investment being made in cybersecurity, as it has become a top priority for all major boards. Companies must ensure they have the necessary resources in place to maintain strong defenses and be well-prepared for any cyber threats.


As an industry, cybersecurity has failed in many ways. Despite the sophistication and new features being introduced, the number of ransomware attacks, breaches, and other cyber threats continues to increase. Therefore, a fundamentally different approach is needed, which includes an integrated platform that offers end-to-end protection for both cloud and on-premises capabilities.

It's essential to consistently protect all applications and users from potential cyber threats with a platform that has an end-to-end view, rather than a narrow focus. By doing so, companies can ensure they have the necessary protection in place to safeguard their valuable assets and minimize the risk of cyber threats.

DQ: How can enterprises address the talent shortage issue that plagues the cybersecurity industry?


Jeetu Patel: The cybersecurity industry is currently experiencing a massive talent shortage worldwide, with around 4 million cybersecurity jobs remaining unfilled in the US alone every year. This shortage exists partly because threats and adversaries are growing at a faster rate than we can proportionately grow talent. Furthermore, most companies lack the ability to hire the best cybersecurity talent and bring them up to the necessary level of sophistication.

Two trends are emerging in response to this talent shortage: a shift toward managed services and a demand for simplified cybersecurity environments. Companies need to simplify their stack to get more out of their existing talent and reduce their risk of experiencing a breach. Point solutions do not create harmony within the environment and only add more complexity, requiring more sophisticated talent. Instead, companies need to demand platform-based approaches from vendors and cross-correlation across telemetry sources.

Companies also need to focus on both prevention and detection and response when it comes to cybersecurity. Although necessary precautions can reduce the probability of a cyber attack occurring, breaches are still inevitable. Therefore, companies need to have good defenses in place to detect and respond to breaches as quickly and effectively as possible. This requires a good partnership with the vendor community and interoperability between platforms.


In summary, companies need to be aware of the cybersecurity talent shortage and the risks associated with it. By demanding simplified environments, platform-based approaches, and strong defenses, they can reduce their risk of experiencing a breach and stay protected from adversaries.

DQ: What role does Cisco play in this ecosystem?

Jeetu Patel: One important question to consider is what role Cisco should play in a hybrid multi-cloud environment, which is where the world is moving. There are only four major computers in the world - Amazon, Microsoft, Google, and private data centers. Most companies are isolating themselves within this architecture, but there is an opportunity for Cisco to provide an abstraction layer where networking and security can be abstracted above cloud providers. Cisco can acquire and steer any and all traffic to any cloud provider, and the policy will be persistent when moving from one cloud provider to another. This neutrality makes Cisco a critical player in the industry.

At a strategic level, Cisco will provide solutions and capabilities in different areas towards one central vision of an integrated networking and security platform. The platform, called the Cisco Security Cloud, will consist of several components such as network security, secure connectivity, zero-trust architecture, application security, and threat intelligence. All of these will be built on a common platform with a unified policy engine, open set of APIs, and a common design language to ensure it looks and feels like it is from one company.

The first proof of Cisco's unified platform is the launch of the Cisco Security Cloud, with more launches expected in the coming months. The offering provides cross-domain telemetry that can be correlated, eliminating the need to go to point solutions. Cisco will also pull telemetry from its competitors and security vendors in the market to provide the best XDR solution. Cisco aims to be the world's best company in preventing any kind of attacks in the market, and its broad range of solutions makes it possible.
