[02-15-24]--Join us tomorrow for “Hacking Compliance vs. Security”

Super Cyber Fridays!
Join us TOMORROW, Friday [02-16-24], for "Hacking Compliance vs. Security"


Join us Friday, February 16, 2024, for “Hacking Compliance Vs. Security: An hour of critical thinking about why checking the box is good.”

It all begins at 1 PM ET/10 AM PT on Friday, February 16, 2024, with guests Matt Cooper, senior management, privacy risk and compliance, Vanta, and Chris Hymes, CISO, Riot Games. We'll have a fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Vanta


Defense in Depth
Tracking Anomalous Behaviors of Legitimate Identities


The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle on. So where are we in terms of monitoring anomalous behavior of our users? And how are new AI-based tools helping us to scale efforts?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Adam Koblentz, field CTO, RevealSecurity. 

Context allows you to understand anomalies

When it comes to detecting anomalous behavior, context is king. But not all context is created equal. "When you merge your anomaly detection with poor quality context you get more noise. When you merge quality context with your noise, you improve your signal to noise ratio," said Gene McGowan Jr. of SANS Institute. Automating context collection alongside anomaly detection will allow organizations to react better to anomalies. "All rare events are not malicious. They're just rare. They can be resolved as either malicious or benign through context. The way we unlock anomaly detection is through the automation of gaining context," said Joshua Neil.

Humans can be the ultimate context

With AI and LLMs being the de rigueur tech to throw at a problem, it’s important to understand whether they still have limits when interacting with pesky humans. Erik Bloch of Atlassian laid out why these systems may struggle, saying "LLMs can add context, but can’t yet reason. Every human is unique, and is an anomaly when compared to anyone else." In fact, security professionals can still automate context collection by leaning into the human element. "The best way is to use automation and a trusted channel to verify if a user knowingly did the behavior. For example, an automated Slack message to them helps us identify possible attackers," said Chris Bates of SentinelOne.

Detection between apps remains a challenge

The current crop of anomaly detection tools proves effective when it focuses on one area, whether that’s the access layer, network infrastructure, or operating system level. But there remains a challenge in the industry when looking at behavior between apps. "UEBA have been partially effective when there are major commonalities. However, when it comes to the business applications, UEBA has failed due to the vast dissimilarities between applications. Models have therefore been developed only for a limited set of application layer scenarios," said David Movshovitz, co-founder of RevealSecurity.

Security teams need full visibility

The lack of detection capabilities between apps becomes a major weakness for security teams. As threat actors become more sophisticated, that weakness draws more attention. "Security teams don't have visibility into attacks against the identity control plane. Organizations need a comprehensive threat detection approach supported by a robust library of detection signals, starting at the identity provider level," said Randall Hettinger of Permiso Security. Ryan Franklin of Amazon rightly points out there are solutions available for identity control, but they don’t entirely solve the issue, saying, "Credential theft is a serious problem, and strong multi-factor remains a successful mechanism to deter these attacks. That leaves service exploitation as a viable entry point."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Reveal Security


LIVE!
Cyber Security Headlines - Week in Review


Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Trina Ford, CISO, iHeartMedia.

Thanks to our Cyber Security Headlines sponsor, Vanta


OPEN AUDITION! Looking for Next Hosts on CISO Series


Your favorite hosts of CISO Series shows are not going anywhere.

BUT, we’re developing a new show and we’re looking for your NEXT favorite CISO Series hosts.

And we’re looking for a pair of them, possibly two pairs!

Submit a recording to be CISO Series hosts

  • We’re looking for a two-person recording. You and a friend get on the microphone and explain something, anything in cyber.

  • The recording should be 5-10 minutes in length. Audio only.

  • Send your submissions via our contact form or via [email protected]. Label it “PODCAST AUDITION.”

  • DEADLINE: THURSDAY March 7th, 2024

Go to the blog post for details on how to deliver the IDEAL submission.

Cyber chatter from around the web...
Jump in on these conversations

"Is the CISSP worth it if you want to be a Security Engineer?" (More here)

"What questions would you pose to a cybersecurity specialist in law enforcement?" (More here)

"Taking Notes: What are your techniques as security professionals?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [02-16-24] Hacking Compliance Vs. Security

  • [02-23-24] Super Cyber GAME SHOW Friday

  • [03-01-24] Super Cyber GAME SHOW Friday

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.