Sophos CEO Advocates the Need for Round-the-Clock Data Breach Prevention for the Masses
Written by: Izzat Najmi Abdullah, Journalist, AOPG
Data loss and disruption due to security breaches are a constant danger for modern businesses. Increasingly complex attacks, the rise of telecommuting, and the vulnerability of the workforce to social engineering techniques are all contributing factors. Threats are persistent and securing a system can be difficult. Only a select few businesses can afford the personnel and technology necessary for security.
As one of the fastest-growing categories of the cybersecurity market, Managed Detection and Response (MDR) solutions are being sought out by organisations as a means to address the dual challenges of limited funds for the purchase of more security technology and insufficient security personnel.
But why is MDR making such a huge impact?
To help us better understand the important role that MDR is able to play in securing today’s enterprises and gain further insights into today’s fast-evolving threat landscape, Cybersecurity ASEAN took the opportunity to interview the CEO of Sophos, Kris Hagerman.
Navigating The Ever-Evolving Cyber Threat Landscape
Kris confirmed that the majority of organisations around the world are unable to properly handle cybersecurity on their own due to its complexity, difficulty, and rapid pace. A shocking level of sophistication has been reached by cybercriminals, who can now simply produce large numbers of high-grade attacks.
Thus, for organisations of all sizes, from those with ten employees to those with a million, it’s becoming incredibly challenging to keep up with the constantly evolving nature of cyber attacks. The frequency and severity of these attacks, as well as the consequences of failing to defend against them, are both rising rapidly. Kris explained that IT and security teams are coming to realise that relying on products as a means to a solution is not sufficient; even when they are cutting edge, products are not enough on their own. World-class products, threat intelligence, and genuine cybersecurity specialists working in tandem are required to overcome this problem.
Kris also stressed that evolving cyberthreats are not the only major problem: the cybersecurity world also faces a global shortage of experts and workers, as there are currently “3.5 million open positions in cybersecurity and there are around 750,000 positions just in the US alone.” It is a big number considering the number of cyber attacks that have occurred in the past year.
With MDR services, organisations may have a better fighting chance, as it gives them access to the cutting-edge features of a managed security operations centre (MSOC) without ever having to leave their offices. The ability to quickly detect, analyse, investigate, and respond with active threat reduction and containment is made possible by these features. Turnkey MDR services capture relevant logs, data, and contextual information utilising a preset technology stack (including endpoint, network, and cloud services). Multiple methods are used within the provider’s platform to decipher this information. With this method, specialists in threat hunting and event management can conduct an investigation and provide useful findings.
A Common Solution Against a Common Enemy
According to Kris Hagerman, organisations in different parts of the world face distinct security challenges, or a “common enemy”, if you will. Since the vast majority of cybercriminals use the same approaches in all regions of the world, businesses now need globally consistent policies and solutions. When these criminals create a sophisticated attack or make it available to the public, they usually don’t limit it to a single business, industry, country, or even continent. They “spray and pray” it globally, leaving organisations anywhere open to attack.
“They were taking down large and small companies, they were taking down companies that had 10 people and 100,000 people, and they were taking down companies in Europe and Asia and North America and Latin America. Obviously, it is a global contact sport,” mentioned Kris.
Maybe you can handle it if your company is worth a billion dollars, like JP Morgan, the world’s largest bank, which employs more than a thousand employees whose entire jobs revolve around cybersecurity, not to mention the huge budget they have at their disposal. Most other organisations in the world, however, don’t have this luxury. They are completely on their own when it comes to security issues since they lack the resources, the budget, and the skills and knowledge necessary to tackle them. Because of their financial constraints, many of the world’s 20-30 million non-profits have inadequate security measures in place. This, my dear readers, is a terrifying prospect.
The good news is that Kris says Sophos has made extraordinary advances in some really significant technologies in the last few years that allow them to now do something they have never been able to do at scale before, which is to deliver cybersecurity as a service.
He explained that while some vendors will let you integrate your own tools with theirs in an effort to jointly counter these threats (this is great news, as it means they can collaborate with any vendor of their choosing), there are, however, some restrictions: (1) they typically only provide alerts and not action; (2) they are restricted in the depth and speed of their insights due to a relatively thin layer of abstraction above the products. These businesses provide what is known as a single vendor MDR, which entails both MDR services and a service that is well-integrated with the product. Unfortunately, in order to employ that vendor’s goods, customers have to rip and replace what they already have, which limits their adaptability.
According to Kris, Sophos’s MDR technology, on the other hand, lets customers bring their own technology, or whatever products they are running; Sophos will take some level of information from those products and try to help manage the problem.
What really makes Sophos special is that they are the only vendor today that brings the benefits of both of those models in one place so that customers can have a rich set of product capabilities in one of the leading threat research facilities in the world. Kris said that Sophos can take information from all of their products populated into a single data lake, run analytics and artificial intelligence to spot issues and take action across their product set, functioning like a single vendor MDR. So, what sets it apart?
- Sophos just announced a few weeks back that they can take information and telemetry from other competitor products and put that into the same data lake and be able to offer prioritised alerts and notifications and actually take action on those as well.
- Sophos can work not only with their own products but also with whatever products a customer brings.
- Sophos is also flexible in how they operate as it can run fully on behalf of the customer. Customers can inform Sophos if they just want Sophos to manage security for them or if they have their own security operations centre.
- Sophos also offers help with a team of 500 experts that can create a virtuous feedback loop where their data scientists improve Sophos’s threat intelligence, and their threat intelligence improves their security. This team of experts helps the data scientists and vice versa, which allows Sophos to get better and better at scale and gives it a real competitive advantage.
“My advice is that organisations should explore the compelling benefits of cybersecurity as a service and work with strategic vendors that can deliver at scale, the opportunity to deliver better protection, detection and response at a lower cost than the customer could do on their own,” advised Kris to the readers out there, concluding the interview.