Chief Technology Officer/CISO
The “godfather of AI” just quit Google so he could speak freely about the dangers of generative AI products. The concern is the speed and acceleration without guardrails.
Historically, we’ve had some really smart people in the hacker space that were doing things on the dark side. But now, we’ve just enabled many other bad actors who aren’t as savvy to do nefarious things.
Zero Trust is 30 years old.
In the cybersecurity industry, everybody’s talking zero trust right now, like it’s this new evolution that will save us. But the concept of zero trust is over 30 years old.
The thing is, we’ve gone to a completely distributed world and the edge has moved out. Paired with the agility AI affords bad actors, we’re at a transformational moment. Organizations are in the crosshairs of metamorphic technology change and need to adapt right now, this minute—yet the fundamentals of security remain the same. (And I say this as someone who’s been a CSO and CTO for 30 years).
Endpoint security isn’t enough.
XDR (extended detection and response) has become the holy grail—because we all know endpoint security isn’t enough. Why is it, then, that the network continues to be neglected by the XDR solutions on the market today?
No one is talking about the network other than finding anomalies on it—no proactive protection. Once malware gets to the endpoint, and that endpoint is missing its EDR solution, or bad actors figured out how to bypass the EDR, it spreads to other systems in the network. And the malware spreads in more and more intelligent ways that are harder for the system to identify.
Microsegmentation is really, really hard.
Microsegmentation is essential to reduce the attack surface and reduce the risk. But most organizations aren’t doing it at all, or they aren’t doing it right. Because it’s really, really hard. Hard to implement and hard to maintain.
A solid security stance needs continuous care. Beyond deploying tools, it takes people fine tuning, and tweaking, and creating correlation rules—and understanding what alerts are valuable to the organization and which ones aren’t.
The last layer of defense is eyes on glass.
Defense in depth requires a multi-layered approach, and the last layer is human eyes on glass. If you have all the best tools, but nobody’s looking at them, the bad guy could be bouncing from system to system without you knowing about it.
I can’t tell you how many times we’ve gone into an incident response situation and the bad guy’s been there four months, six months, seven months, and nobody saw it. The alerts were in the logs.
But it wasn’t that they were ignoring the alerts—it’s because they have 30 consoles to monitor and not enough time to parse through all the logs. Because, at the same time, they’re trying to keep their business working, get the stuff done for their customers, and stay on task with core versus context.
A solid security posture is attainable.
That’s where DataEndure’s managed security services comes in. There are 3,000 security vendors out there saying their tool is the best. But they can’t all be the best, so how do you know? DataEndure handles due diligence, POCs, and evaluations to ensure the security services and tools we deliver keep our customers on best-in-class footing.
We have a number of complimentary assessments that can help you determine your path forward. We’ll provide a budget strategy for upleveling and evolving your security posture, and we’ll take into account the tools you’ve already invested in. Tap us in today!