RSAC 365 Virtual Summit
January 27, 2021, Online
Nowhere to Hide: How COVID-19 Forever Changed Your Company’s Attack Surface

About the talk

In addition to being a global health crisis, COVID-19 fundamentally altered the attack surface of organizations worldwide. As companies transitioned from the office to a remote-workforce posture, adversaries levied tactics designed specifically to exploit the pandemic. Accordingly, this brief will cover how COVID has changed the attack surface as well as how companies can shore up their defenses.

About the speaker

Jason Rivera
Director, Strategic Threat Advisory Group at CrowdStrike

Jason Rivera is an internationally experienced intelligence, cybersecurity, and national defense professional who possesses 14+ years of experience innovating at the intersection of security operations and technology. While in the private sector, Jason has advised and led the development of cyber intelligence programs for large Fortune 500 companies and US Government agencies. Prior to his entry into the private sector, Jason served as an Intelligence Officer in the U.S. Army where he attained the rank of Captain and participated in a variety of roles, including assignments at the National Security Agency (NSA), U.S. Cyber Command (USCYBERCOM), as well as having served in combat tours overseas.

Transcript

Everyone, my name is Jason Rivera. I'm the Director of the Strategic Threat Advisory Group at CrowdStrike. And today I'm going to talk to you about, you know, some of the experiences that I had as a cybersecurity professional around responding to COVID-19 and how it's forever changed a lot of, you know, a lot of corporate America's attack surface. So here's what we're going to be going through in terms of the agenda. We're going to talk about how we got here in the first place, and some of the dynamics that shifted from the old normal to the new normal. And then we're going to talk a little bit about how the attack surface changed, and some of, you know, what different threat actors did and how they adapted to kind of the changes in, you know, global business. And then lastly, we're going to talk about some suggestions, or basically recommendations, on how we can adapt our organizations to the new normal.

Let's go ahead and jump into the introduction, and probably the best way to characterize it is that the world changed pretty quickly. So, you know, on February 27th of this year, or in 2020 still, you know, on that day I was actually out. I was, I was at the last RSA, and everything was business as usual. You know, all the displays were up, the booths were there, the talks were happening. There were no mask requirements, no distancing, no sanitation requirements. Literally, I was having meetings constantly, like one after the next after the next, shaking hands, and so on. So again, you know, on the 27th the world was one way, and then suddenly you kind of transition maybe two weeks later, right, to March 13th, so we had the total nationwide lockdown, 100% remote workforce. And then, you know, obviously there's been this unprecedented reliance on the internet, everybody scrambling and trying to figure out what to do. And, you know, that forced us all to use the internet more than we ever had in the past. And that was really a big piece here. That's one of the things that the adversaries picked up on very quickly, and therefore they really started to change things.

So, you know, they were very, very quick in how they adapted to include COVID-19 messaging. So for example, this one on the left that I'm showing you, this is an email. This is a phishing email that was sent on February 4th, this is way before it was even declared a

national emergency. Already they're impersonating the CDC, you know, trying to get people to go to different sites that would host content. So these actors picked up on it very quickly, and you just look at the rate at which they sent this, way back in, you know, February 4th. And then it wasn't just phishing, you know, a lot of it was like some of these donation schemes as well. So in this case, you know, there's, you know, an email from an actor who pretended to be the World Health Organization and basically asked for donations in Bitcoin, which is never a good sign, by the way. No one should ever be asking for donations that way. Again, what this demonstrates is the ability of these actors to rapidly adapt to the times that they're in.

And then as we kind of, as we kind of like watch this go into the months after that, the actors eventually got way more creative in their approach as well, and they started actually developing unique capabilities. So what you're looking at on the left, for example, is a fraudulent, malware-ridden Android app, and basically what it does is it is supposed to be designed to help you understand that there are COVID-19 infections around you and if you are in a risky area. So then of course a lot of people downloaded this thing, and then it even came with a texting capability to talk about, like, oh hey, there's a new urgent message. And all of this was designed, you know, to steal information, basically go after people's private data. But again, that really speaks to the ingenuity of the actors themselves and their ability to even conceive of this, let alone deploy it. And then on the right, what I'm showing you is an example of the visualization sites. So, you know, all of us have seen them, like there's different types of visualization sites that show you how something is growing or how something is changing. So adversaries also tried to go after those as well. They basically created these with the intent of driving web traffic to those malicious sites, and then again stealing information when the victim, you know, interfaces with malicious applications, so on and so forth.

So, you know, what we're going to look at now is, just from a pure numerical perspective, how big of an effect this was. So what you are looking at is our CrowdStrike

intrusion telemetry, starting from quarter 1 in 2019 all the way up to the end of quarter 2 2020. We do have quarter 3 out, but that came out after I created this, so it's a little bit behind the data. But basically what it's showing is the increase in intrusions over time. So this gray block here, that's eCrime. This black space right here, that's unattributed. And this red space here, that's our nation-state or state-sponsored actors. As you can see, the state-sponsored actors are kind of like, you know, remaining relatively static over time. Not really doing, you know, it's not really changing, right, it's fairly stable. However, you look at these eCrime actors, you see a steady increase all throughout 2019, and probably the best explanation for that one is around the threat of ransomware. And basically, you know, when attacks happen, not only do they, you know, hurt the victim, but they also inspire other ransomware actors to also get into the game, so you see more ransomware attacks. So the thing kind of keeps on compounding on top of itself. So that, you know, that helps us understand 2019. Then 2020 and what happened here was basically a combination of a couple of things.

The first was COVID-19. So going back to what I said, you know, like three slides ago, you know, we had to use the internet more than we ever had in the past. What does that mean? Well, if you're using the internet more, that means a larger attack surface, or a larger attack surface could be, you know, a more complete, more complex attack surface also, you know, which in turn would allow the adversary opportunities, or additional opportunities rather, to get into a target environment. So, you know, it created this, really, the situation where we're having to use VPNs more, or, you know, more easily the situation where our attack surface is much larger. And then on top of that, our adversaries also quickly adapted, started using more techniques such as like ransomware-as-a-service, for example, where, you know, a lot of ransomware operators started outsourcing, you know, a large portion of their operations, which in turn resulted in a larger volume of attacks. So not only do you have a larger volume of attacks, now you have a larger attack surface. Those two things combined are really what explains this big

jump that you see right here, you know, in the beginning of this year. And some other key notes that I thought were interesting: we saw a 98% increase in distinct and sophisticated intrusions from 2019 quarter 3 to 2020 quarter 3. And of course that begs the question, what exactly is a distinct and sophisticated intrusion? Well, basically what it kind of boils down to is something that we've never seen before. So for example, if we see a particular type of intrusion that is using different types of tactics, or maybe a novel type of malware, or maybe the way that it's moving laterally is just different than anything we've seen before in the past, basically doing something entirely different. So what I'm really saying here is that we've seen a huge increase in complexity, a nearly 100% increase in more of these types of attacks from quarter 3 of last year. So not only are we seeing a larger volume of attacks, the attacks themselves are also more complex, using more novel capabilities.

And the other thing that I thought was interesting to note, looking at some of the intrusion statistics from our perspective, we saw that approximately 75% of those attacks within North America leveraged malware-less techniques only. So what I'm saying here is really hands-on-keyboard techniques, things like using legitimate credentials, RDP compromise, PowerShell, basically things that do not require the use of malware in order to achieve their objective. So again, 75%. So that's, you know, how to say this, way more than 50%, way more than half. So, you know, this again increases kind of the complexity and further exacerbates the challenges faced by defenders.

So here's some of the common themes that we saw from the, you know, from the time that COVID-19 became a significant issue in the public eye. The first one was web distribution. So basically with web distribution, what we're seeing here is we see adversaries go after these sites that distribute public information. So for example, public health sites, or it could be like, you know, those information visualization sites. They know a lot of people are going to those sites, so therefore adversaries focus their efforts on compromising those locations and then using

those in order to engage in lateral access, or get credentials, or whatever it may be. The next one is situational phishing, and situational phishing is a term that I'm using to describe phishing in conjunction with, like, a largely well-known situation. So for example, COVID-19 or an election or protests, you see a lot of actors that take these widely known situations and then form their phishing campaigns around those, with the intent of not only kind of going after a specific target, but then using a well-known event to kind of amplify the message and increase the sense of urgency of the victim. So we definitely saw a lot of that, both from nation-state adversaries as well as criminal adversaries.

And this goes back to what I was saying earlier about the attack surface. Like I said, the attack surface is much larger, we're all working from home. We have to somehow securely connect back into the office environment, or connect back to, you know, network-based applications, whatever it may be, right? So a lot of stuff requires, right, the ability to connect remotely and to do it securely. So protocols such as RDP or VPN connections, we're seeing a lot more compromise of those given our increased reliance on those as a society.

And then lastly, we saw a lot of information operations being used by adversaries in order to affect the thinking of the population. So we saw this in the political arena, we've seen it in terms of COVID-19. And basically, you know, what adversaries are doing is they're trying to manipulate the way the population thinks in order to get that population to do something or think a certain way, in terms of how it would benefit the other nation-state. So we're seeing a lot of that, primarily from, you know, the big four adversaries, such as, you know, Russia, China, Iran, North Korea. And then a few from some of the other adversaries as well. But again, the design of this is to get the population to think a certain way. Also of note, we saw a huge increase in the amount of COVID-19-themed lures, and just to illustrate that increase, from what we saw from the CrowdStrike perspective, in February we saw about 10 COVID-19 lures, whereas in March it jumps to well over a thousand, and that trend continues all the way into May, capping off at around 1,200 to 1,250. So I would contend that, you know, a

lot of what this brought to light, a lot of what COVID-19 brought to light, is how difficult it is to really understand the problems we are facing, particularly when those problems are changing very quickly. And, you know, one of the ways I like to think about that, you know, the necessity of understanding problems, is I like to take a quote from Einstein, something that he once said. Einstein once said that if he had an hour to save the world, he would spend 55 minutes defining the problem and about 5 minutes solving it. Yet in the cybersecurity industry, for some reason, we kind of do that backwards. It's like we want to solve problems first, you know, put out fires and play whack-a-mole. But I talk to so many organizations, and in many cases it does feel like, you know, we're reacting to things a lot. It's like, you see this threat pop up here and we'll go after that, but not really understanding kind of like the underlying basis of why it's happening. And, you know, there's a lot of ways I see this. You know, in many cases we'll see organizations buy expensive solutions, but not really understand the problem that they're trying to solve. In some cases, you know, it's now we're here and we bought the solution, right? And now you're reacting to alerts, you're reacting to incidents. But yet once you resolve the alert, or resolve the incident, a lot of organizations, again, they still don't really understand why it happened, what was the reason in the first place. And the challenge of this is that the longer you kind of, you know, play whack-a-mole, eventually you lose the game, eventually the mole gets through. And that's essentially how these breaches occur, right?

It's strategic surprise. I think that is a good term to really think about when you think about why a breach occurs, because if you were to ask, you know, the CISO the day before he or she found out about the breach, he or she would say, oh yeah, everything's fine, we're doing all the right things, we understand the threat vectors, so on and so forth. And then you ask the day after and it's like, oh wow, yeah, of course, wow, I can't believe I didn't see that. You know, a lot of that happens because we're not aware of the underlying problems that we are facing. So we're going to

talk a lot about that when it comes to understanding problems, and that's how we're really going to think of the attack surface. And one of the ways that we would, one of the good ways to understand this problem is to imagine it as sort of like this threat landscape, which consists of you and the adversary. And basically the name of the game is that your ability to defeat cyber threats rests pretty much almost entirely on your understanding of the problem, because if you understand the problem well enough, if you know what your adversaries are capable of, if you know what your vulnerabilities are, if you know what you're trying to protect, if you know who the adversaries are and what their different infrastructure capabilities are, their different TTPs are, if you know those things then you are pretty well positioned to succeed against the adversary. So that's our goal with these next few slides, is to really talk about that and how that changed as a result of COVID-19, across three echelons: the strategic, operational, and tactical.

At the strategic level, on our side, it's good for companies to think about, you know, what industry are you in? What are your critical assets? What is it that allows you to stay in business? Those are the most important things about you, and it is those things that will ultimately cause an adversary to target you. So for example, when we think of the adversary, they have motive and intent. A financially motivated actor who might be interested in eCrime, they might target, you know, financial assets of a company. Or perhaps an espionage-motivated actor interested in national security secrets, maybe they'll go after a federal organization and try to take their, you know, national security data, or theirs. So that's kind of one way to think of it at a strategic level.

And then at the operational level, we can think of ourselves as a function of people, process, technology. Whereas on the adversary side, I find it useful to think of the adversary at the operational level as a function of their capabilities, so for example malware, social engineering, so on and so forth, and then their infrastructure, so where do the capabilities come from, from which domains, which IP addresses, so on and so forth. And I like to think about kind of the interplay between how the adversary might use their

capabilities against us. So for example, how might they use malware against our technology, how might they socially engineer our people, how might they take advantage of a vulnerable process. So it's good to kind of think about these things.

And then lastly, at the tactical level, we have the attack surface, and we want to think about our internal attack surface. So what are the applications or operating systems internally that we are using that could potentially be vulnerable? How might the adversary penetrate our perimeter? What are some of those perimeter vulnerabilities, maybe at the email gateway, or maybe, you know, what are those vulnerabilities that we need to consider? And then lastly, what are the external vulnerabilities that we have? Do we have reliance on cloud services, external applications, different types of websites? You know, it could be a bunch of different things, right? But again, the kind of way I like to think of your attack surface is to think of it across, you know, internal, perimeter, and external. And then also I like to think of the adversary's TTPs. So what exactly are they going to do to kind of, you know, break through one of these areas? And ultimately, what we're talking about here today at least is the attack surface, and that's what we're going to focus on.

We're going to look at kind of how this attack surface has changed since the COVID-19 pandemic. So let's take a look at this across the three different categories. So first we have internal, we have perimeter, and then we have external. So in the pre-COVID world, you know, in the realm of internal, really it was much easier to define network boundaries. We knew where the assets were. We had a better understanding of which applications went where, which were needed, where the endpoints were, where they resided, how they were protected. There was a much better understanding of that. Whereas post-COVID, the transition to this remote-centric workforce has so many people having to connect in all sorts of weird ways. And the challenge of this is, now what is internal? What is external? If we don't all work in an office environment, is there necessarily even an internal capability or an internal environment anymore at this point? I should have started the slide over. All right, so now let's take a look at how the attack surface changed

and maybe kind of look at some of the differences between the pre-COVID timeframe and the post-COVID timeframe. And we're going to look at these across internal, perimeter, as well as external.

So from an internal perspective, really what we saw in the pre-COVID timeframe is, you know, internal assets such as critical workloads, endpoints, applications and data contained within the defined network boundaries. All of these things were kind of very well-defined, right? We knew where things were. Whereas in the post-COVID timeframe, because we now have this remote-centric workforce, now we have increased exposure to internal assets, because now somebody from outside of, you know, that protected environment is having to VPN back in, RDP back in, coming from a place that is not necessarily part of the protected network. So you're seeing a lot more kind of ambiguity of what exactly is internal and what exactly is external.

The next one we have is around kind of the pre-COVID perspective at the perimeter. So, you know, again, pre-COVID, organizations are largely reliant on this perimeter environment, these firewalls, physical appliances, you know, gateway solutions, their reliance on things to kind of protect this environment, and they really believe in the integrity of the environment. Whereas in the post-COVID timeframe, like we discussed earlier, you know, if you VPN back in, or if you have to RDP back in, or if, you know, you're going out again, right, if people are working from outside of the environment, suddenly what is the notion of a perimeter? It doesn't necessarily apply.

For externally, on the, on the external kind of attack surface, you know, in the pre-COVID era, there was really a clear differentiation between internal and external environments. The internet was really characterized by a normal amount of web traffic, right? So there weren't huge spikes. We kind of understood, you know, what were the assets that we were protecting within our boundaries, what are the assets that we rely on with our cloud service providers. However, in the post-COVID environment, again, we see this huge transition to remote workforce, and now essentially our reliance on cloud capabilities skyrockets, whether it's cloud cybersecurity, cloud storage, other types of cloud services. There's a lot more reliance on these services.

After, you know, when COVID became, you know, really a big international issue, people are trying to figure out how they use these services and integrate them as part of their operational environment. The challenge of that then came between what is internal, what is external. If we have critical data in this cloud storage area, should that be considered internal because it's critical? So what I'm saying here is there's a lot of confusion, right? Especially with organizations that are trying to rapidly adapt to all this and trying to figure out what the new normal is. It could be a very confusing situation. And then, of course, the more confused we are as defenders, the more opportunities that our adversaries have to exploit that confusion.

Let's take a look at how the adversaries changed their tactics, both in the pre-COVID-19 timeframe and the post-COVID-19 timeframe. Pre-COVID, ransomware operations focused on enterprise-wide targets in order to get the maximum payout. And then they also focused a lot on data theft and fraud, you know, really focused on stealing PII and then monetizing it in the criminal underground. In the post-COVID timeframe, we see a big increase in ransomware-as-a-service attacks, we see that volume increase. And again, ransomware-as-a-service is where these ransomware operators are now outsourcing to affiliates. So for example, last year in 2019, let's say there were maybe ten major ransomware operators. What we're seeing with the affiliate program is, when they have these affiliate programs, that allows, you know, ransomware operators to take on maybe 25 affiliates. So you could go from a situation where you had ten ransomware operators last year to around 250 different types of operations this year. So that's, again, a huge increase in volume. And then we also saw the emergence of data extortion, which increased the attack severity. So basically with data extortion, what you're looking at here is a ransomware actor, on top of conducting the ransomware attack, then extorts the victim with their own data, typically PII. And what they'll do is they'll threaten to sell that PII in the criminal underground if the victim doesn't pay the ransom. So not only does the victim potentially have their entire environment to

lose, but they could also lose that data to the criminal underground as well, basically suffering a double blow.

So this next one, we're going to talk about some pre-COVID attack tactics we saw used by nation-state adversaries. And, you know, really there was kind of a focus on business as usual. So, you know, normal national security and economic focus, and beyond, depending on the type of country and what their needs were. And again, that varies from nation to nation. And then, of course, we saw a lot of use of cyber as a tool of international influence. And when I say that, what I'm really talking about here is information operations, using, you know, using different types of websites, using different types of personas to influence and kind of sway the world in their favor. Whereas post-COVID, you know, just like the eCrime adversaries, they adapted pretty quickly as well. We saw a huge increase in COVID-19-themed downloaders, and this is across all the adversaries, all of them started using COVID-19 themes. And we also saw a huge increase in focus around epidemiological technology and decision-making. So with epidemiological technology, what I'm saying there is really, kind of like, what are all the technologies that were developed as a result of COVID-19, whether it's vaccine-related technologies or different types of medical technologies and communication technologies. A lot of development has been happening since COVID-19, and that is a huge focus of our adversaries. And then decision-making, what is, you know, this European nation going to do given certain circumstances, or given, you know, a certain situation. So again, you know, like I said earlier, they did really, like, evolve more to the times, and you kind of see this as a normal part of their way of operating. And that's a really important aspect of this, you know, you want to be able to adapt to things in order to kind of go with the flow.

So this next one is around kind of the way forward, and some recommendations around how to evolve in this post-COVID-19 era. And, you know, one of the ways that I think of this is you're pretty much in a situation where you need to evolve or get left behind, and given that, I'm proposing four evolutions. So evolution one is

decreasing reliance on the idea of a perimeter. Evolution two is prioritizing simplicity and adaptability. Evolution three is evolving from reactive to proactive. And evolution four is around the ability to prepare the workforce for the new normal. We'll have a slide on each of these and just kind of do a deep dive. But again, these are kind of my, my four broad recommendations.

So the first one is around decreasing reliance on the idea of a perimeter, and really kind of the premise here is to no longer conceive of yourself or your organization as operating within this safe space. And one way to kind of think of this is we should probably now treat the endpoint as the heart of your IT environment; the endpoint is the new perimeter. So basically treating every single endpoint as its own protected asset, and not necessarily relying on these different types of network technologies to keep the adversary out. You know, another way to think of this is really focusing on zero trust architecture. So, you know, basically verify the identity of the individual, trusted connectivity between endpoints and apps, visibility, security attributes of the asset. You don't want to have to, like, rely on good faith, right? And then lastly, we want to consider the possibility that now everyday household items, such as your printer, are now part of the battlefield, and proceed accordingly. We're all working from home, and we all use our local internet, our local kind of router, to connect back even to an office workspace. So we should also be considering kind of how IoT plays into that. By the way, you know, if any of you have any questions, we are available in the chat to be able to kind of answer those. So if you have any questions, feel free to type.

So the next one, evolution two, is around prioritizing simplicity and adaptability. And really the goal here is to understand that simplicity is your friend, whereas, you know, complexity is not so much your friend; it's the kind of thing that causes us to fail. So, you know, one principle to think of is that no battle plan survives first contact with the enemy. That's actually an old military saying, but it really holds. Yeah, we can prepare all we want, right? We

can do all sorts of preparation. But when you get to game day, when you get to a real situation where you are facing a real and credible threat, the threat is likely to look different than the things that you prepared for. So, you know, we want our plans to be flexible, right? And to do that, we don't really want to have, like, a specific, too-granular plan. We kind of want to have broad guidance with some, you know, specific tasking, but we want to rely on our leaders and our people to kind of make the right decisions, right? Because if the plan is too cemented, it won't be able to adapt to what the adversary does.

So the next principle here is to realize simplicity is your friend and complexity favors your adversary. So think of it like this: if you're going to use different types of security technologies, if you're going to rely on different types of cloud technologies or whatever it may be, I would think about how you can consolidate. Less is more. How can you have fewer agents on your machine? How can you have less complexity, more comprehensive protection, instead of relying on lots and lots of different capabilities? How do we kind of narrow that down? Because the challenge of relying on a lot of different capabilities to protect yourself is, now that's a lot of opportunities for a mistake to happen, because each one of those organizations that you rely on, that is a potential, you know, that is a bunch of potential avenues into your organization. So we want to think about how can we narrow that, how can we really make that, you know, the battlefield, much more simple and thereby much easier to protect.

Another thing to kind of realize is that, you know, the only constant is change. The only, the only constant in life is change, and that applies to the cyber realm as well. The adversaries are always adapting, always creating new types of capabilities, new types of malware, new types of social engineering schemes, new types of, you know, everything, and they are always evolving their tactics. And so, accordingly, we kind of need to be adaptable to that. If they're going to rapidly adapt what they do and change the way they operate, then we also kind of need to get used to rapidly adapting our defenses and making them more dynamic as opposed to static. The next evolution

is around evolving from reacted to proactive and it will be really want to focus on here is, how come you know, how? We'd just be more proactive than reactive discipline? See the alert address, the alert. Receive the incident respond to the incident. It's a, it's always like something has to happen first. And then. Oh, okay, then we go after it again. Like I said earlier, though, the challenge of just waiting for things to happen is eventually. Yeah, then she doesn't go your way. Eventually you get subjected to

strategic surprise. So we want to think about what are the proactive things that we can do in order to mitigate some of those surprises. So, you know one day recommendation is using threat intelligence to preemptively understand threats. And when we think of it is like this, you know, the most likely thing to happen to you, is whatever just happened to your pure, if something happened to your peer and up here is a similar business to you. Then that is probably something that you need to know about. And that is all to me, what threat intelligence helps. You understand, or intelligent to

help you understand how these breaches are happening. What the adversaries capabilities are and it allows you to understand those capabilities and to prepare accordingly as opposed to having to experience those capabilities first hand for the first time. The next. What next recommendation I have ears around threat hunting. And what I'm talkin about of my customers about lately is the need to engage in intelligence-driven and hypotheses Focus threat hunting operations. And what I mean by this is a lot of three Hunters. Can I just do like whatever their gut tells them? Which okay, that is

one way to do it, but that's not very method. That's not very methodical. One more proactive than what I thought of a way to do. This is to use intelligence-driven information to do this, right, hon. So, like I said earlier, if you are. Just got breach by something and you know who the adversary who did it. And if you know what capability of Leverage, I would contend that you need to run that a restaurant inside your own environment. So again, it's hype. How do we use the information about around? What's happening around us to really kind of hone in and do the specific for us to go

out to these more advanced adversaries? And the last one on the slide is the round, the need to achieve a common operational, picture of the threat. And what I mean by this is different security, teams need a way of seeing the same problem, the same way and what I mean by this is the threat intelligence. Team used to have the same understanding as the sock which needs to have the same understanding as the incident response. What she's doing, so on and so forth, right? Everybody needs to have a similar understanding of the threat because if one team has won understanding of the

threat, but another team has another understanding and suddenly this guy is going to do this thing over here, and this guy is going to do that thing over there. And somebody what they do what they're going to do is not really going to drive with each other. So using intelligence and using kind that understanding of the adversary to achieve a common operational picture. Not only make sure they were kind of all in line and all doing the right thing. But it also helps us be more efficient, which is very important in this day and age, And then the last evolution, I'm proposing is around the

need to prepare the workforce for The New Normal. So what do I mean by that? You're the first one? Is that the kind of be ready to combat the threat of misinformation. So our adversaries are not going to stop doing, they're going to continue to use these Global events against us. They're going to use covid against us. They're going to use politics against us, are going to use all these different things against us. So we need to kind of be ready for that. But if nation-state and equinoxes, are you white or not? Going to change his tactics anytime soon. The next one I would consider is that you

no accounting for the use of fear tactics by her adversaries. And when I think about covid-19, one thing to cut, one of the reasons these covid-19 where is work really well is cuz they really straight to the fear in people's hearts. And, of course, in covid-19 pandemic, it is definitely a huge implications, right? And are out of service. That's why they focus on this. Because they know that you was a victim, are much more likely to interact with something that you are afraid of. You are much more likely to click when you are free. So we have to be ready for this, right? Cuz it's not just

Covid-19, there's going to be other hardships, were all throughout this planet and other elections and other things that are really going to cause a lot of global motor riding a living Global tension, and we need to be ready for the use of these fear tactics to exploit these things against us. And then, lastly, I would challenge that we need to think about Danity as a new printer. And here's what I mean by this, right? We already tried the network, is the perimeter that didn't work, even using me, just so you could even just rely on Employment Security products that by itself, not a

silly going to work, right? So when you kind of had this multiple way of kind of really validating embedding, who is on these machines, who exactly is doing what? So I would contend that we really do need to go to, this is zero, trust mindset. We were thinking about going to like, who is using the machine. How is this machine connecting to these applications? Is this behavior is normal. Really thinking about the behavior in the identity of the individual itself, as opposed to just two characteristics of machine? The more than kind of get to this. I was hitting this really be the next

Evolution and how we can truly get closer to check in the core. Of our organization in the core. It infrastructure. So, you know, all in all I'm with somebody that I kind of talked about earlier than you again. If you have any questions, feel free to put the put them in the chat and it would be happy to answer them with this. Ultimately. We want to think, we really do want to really realize that it's just you and the adversary that is you and all the things that you are trying to protect. And there is your adversary, rabbits area is trying to take things from you. They could be there trying

to take your National Security Secrets. Maybe they're trying to take your money. They're trying to take your intellectual property. Whatever it is about you, whatever it is that you're doing well. And it is causing you to succeed as a business. Those same reasons that you are successful are the same reasons, but you're out of service are going to attack you. So, I would Challenge and contend that we need to understand these reasons. Not only do we need to understand the reasoning of the adversary, but we need to understand their capabilities. We need to understand their infrastructure. We

need to understand their ttp's, we need to understand everything that they are capable of, and we need to know a lot more about them than we currently do now. And again, the reason I say, this is what I said earlier. Your ability to defeat cyberthreats rest, almost entirely on your understanding of the problem. If you truly understand the problem. And if you truly understand what the adversaries capable of, and you will make the right decisions. You will make the right judgment calls, you will hire the right people. You will buy the right stuff. But if you are not aware of what the adversary

is doing, and if you are not aware of their capabilities or infrastructure than that, have a Siri will eventually Catch You by surprise. So I know you got kind of called to action on this. I do or just really think about how can we really enhance our understanding of the problem and how come your hands are understanding about a series in order to protect our environment? So thank you for your time. Like I said, the beginning, my name is Jason from the director of the Strategic red advisory through the crowdstrike. We are available on chat to answer any questions that you might have. So,

feel free to typos in and I hope you enjoy the rest of your RSA conference. Thank you.
