CyberTalk

How CISOs can thrive in an unprecedented cyber threat landscape

Lari Luoma, Cyber Security Evangelist

Lari Luoma has over 20 years of experience working in the fields of security and networking. For the last 11 years, he has worked with Check Point Professional Services as a security consultant helping customers worldwide implement the best in class cyber security. He is a subject matter expert in hyper-scalable security solutions.

1. In your line of work, what are the top cyber security concerns that keep coming up in conversation?

Many organizations have a mix of different vendors and technologies that do not always work together or can cause problems because they have all been installed inline. Making changes in one vendor can cause unexpected issues on another vendor’s technology, causing traffic outages. Availability is one of the key components of the CIA triad that we, as security professionals, should be concerned with. Having a single pane of glass, consolidating and automating security operations, would significantly improve your security posture.

2. Would you recommend a prevention-first based framework to CISOs, and if so, why?

Absolutely! If your security devices are in detect mode, it is like watching in a monitoring room when someone steals your goods, but no one is there to prevent it from happening. In the best case, you will get some blurry videos and can only hope that law enforcement will catch the thieves one day. However, with prevention, you have guards in the store and have the most valuable items behind locked doors. Using a similarly strategic mindset, you should protect your data. With the prevention-first framework, you can sleep at night without needing to worry about someone stealing your data. They could try, but the system would prevent it automatically and record data for you that will help in catching the criminals.

3. How does a prevention-first approach better support security objectives than detection alone?

When the attack is prevented, it will not enter your network at all. If you still get infected by malware, you can prevent it from activating and isolate the infected machines for faster remediation.

4. For organizations that are newer to cyber security, what are key ways to drive security prevention initiatives?

A. Understand the key assets you need to protect most
B. Automate as much of your security operations as possible
C. Prevent users from downloading and opening malicious links and files
D. Segment your network to prevent malware from spreading
E. Handle cloud security in the same way as you would on-premises. Native cloud security controls are not enough to effectively protect your environment.

5. What are the top ways to advance security prevention initiatives within established security configurations? What should the CISO of a high-profile decades-old organization work on?

6. What have you seen in the real-world that can speak to the value of prevention?

We have seen several successful ransomware attacks in the last couple of years. An attacker usually gains access because users have clicked a malicious link or opened a malicious document. After the infection, the malware has collected a lot of sensitive information from the organization’s internal systems and sent it to the criminals. Eventually, all of the organization’s critical data has been encrypted, including the backups. All of this could have been prevented by blocking users from clicking malicious links or opening infected attachments, preventing command and control connections to known C&C servers, segmenting the network, and automatically isolating infected hosts.

7. Given the nature of ransomware, is prevention perhaps overly optimistic?

No, it’s not too optimistic. A few simple rules:

8. What should technology leaders know about circumnavigating prevention-related stumbling blocks?

Many leaders are worried that prevention-first technologies would cause a lot of false positives and legitimate traffic outages. The number of false positives can be minimized by planning the deployment well and making sure that the applications and network support it. You should recognize your older non-standard applications that might cause false positives. Asymmetric routing in your network could also be a cause of issues, etc.

9. How can cyber security prevention and detection complement one another, if at all?

A security incident must first be detected before it can be prevented. XDR/XPR (Extended Detection/Prevention and Response) are good examples of this. Based on AI technology and cross-correlation, XDR/XPR delivers automated prevention and prevents attacks from quickly expanding within your environment.
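As an added illustration of the detect-then-prevent loop described in this answer and in the ransomware scenario under question 6 (blocking C&C connections and automatically isolating infected hosts), here is a small example script. It is not code from the interview or from any Check Point product: the log lines, the C&C blocklist entries and the rule syntax are all constructed placeholders, and the correlation rule (a host that reaches known C&C destinations at least twice within ten minutes is isolated; a single hit is only watched) is an assumption chosen for the example.

```python
"""Toy detect-to-prevent pipeline (added example, not from the interview).

Correlates connection/DNS log lines per source host against a blocklist of
known C&C destinations, then decides per host whether to isolate it (prevent
mode) or only raise an alert (detect mode).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed placeholder C&C destinations (not real indicators).
KNOWN_C2 = {"198.51.100.23", "bad-c2.example"}

# Constructed sample log lines: "<timestamp> <src host> <action> <destination>".
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 10.0.1.15 connect 198.51.100.23",
    "2024-05-01T10:00:05 10.0.1.15 dns bad-c2.example",
    "2024-05-01T10:03:00 10.0.1.15 connect 198.51.100.23",
    "2024-05-01T10:04:10 10.0.2.7 connect 93.184.216.34",
    "2024-05-01T10:05:00 10.0.2.7 dns bad-c2.example",
]


def parse_line(line):
    """Split one constructed log line into (timestamp, src, action, dest)."""
    ts, src, action, dest = line.split()
    return datetime.fromisoformat(ts), src, action, dest


def correlate(lines, known_c2=KNOWN_C2, window=timedelta(minutes=10), threshold=2):
    """Group C&C-related events by host and classify each host.

    A host with at least `threshold` C&C events inside any `window` is an
    isolation candidate; a host with fewer hits is placed on a watch list.
    Returns {"isolate": [hosts], "watch": [hosts]} with sorted host lists.
    """
    events = defaultdict(list)
    for line in lines:
        ts, src, _action, dest = parse_line(line)
        if dest in known_c2:  # only destinations on the blocklist count
            events[src].append(ts)

    decision = {"isolate": [], "watch": []}
    for host, times in events.items():
        times.sort()
        # Largest number of hits that fall inside a window starting at any hit.
        peak = max(sum(1 for t in times if start <= t <= start + window)
                   for start in times)
        decision["isolate" if peak >= threshold else "watch"].append(host)
    decision["isolate"].sort()
    decision["watch"].sort()
    return decision


def quarantine_rules(host, remediation_net="10.0.250.0/24"):
    """Render placeholder segmentation rules that cut a host off from everything
    except a remediation network (assumed address; rule syntax is illustrative)."""
    return [
        f"allow from {host} to {remediation_net}",
        f"deny from {host} to any",
        f"deny from any to {host}",
    ]


def enforce(decision, mode="prevent"):
    """Turn the correlation result into actions.

    In "detect" mode only alerts are produced (the monitoring-room case from
    question 2); in "prevent" mode isolation candidates also get quarantine rules.
    """
    actions = []
    for host in decision["isolate"]:
        actions.append(("alert", host, "repeated C&C contact"))
        if mode == "prevent":
            for rule in quarantine_rules(host):
                actions.append(("rule", host, rule))
    for host in decision["watch"]:
        actions.append(("alert", host, "single C&C contact, watch"))
    return actions


if __name__ == "__main__":
    result = correlate(SAMPLE_LOGS)
    for action in enforce(result, mode="prevent"):
        print(action)
```

Running the script with the constructed logs isolates `10.0.1.15` (three blocklist hits within a few minutes) and only watches `10.0.2.7` (one hit); switching `enforce` to `mode="detect"` yields the same alerts but no quarantine rules, which is the gap between detect mode and prevent mode that the interview describes.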

10. How is Check Point pioneering innovation when it comes to prevention-first security?

Check Point Horizon is the next-generation prevention-first security operations platform (XDR/XPR) designed to simplify SOC team operations and automate prevention of cyber incidents. Horizon XDR/XPR takes action when it sees an event – like a malicious e-mail – and correlates the events over time and across your security estate so that you can stop attacks.
