Articles by Michael Malone
There was a time when one of our biggest challenges was securing our physical assets, whether that meant protecting our people or our property from crime. We researched and deployed the very latest in video solutions, intrusion systems, fire alarms and access control devices, all in an effort to keep the bad guys out and the good guys safe, and to protect our facilities from break-ins, robberies and countless other crimes. However, times are changing. No longer must we only be concerned with keeping intruders out of our buildings; we must now keep them off our networks as well.

It should come as no surprise that cybercrime is one of the biggest threats organisations of all shapes and sizes face today. While attacks on major brands and Fortune 500 companies make headlines, there were purportedly 918 reported data breaches, compromising nearly 2 billion data records, in just the first six months of 2017. Of those 918 breaches, 500 had an unknown number of compromised records.

Reducing the breach detection gap

Depending on your organisation, these cybercrimes and the investigation into them may be handled by your IT department. However, considering the magnitude of these crimes, it now falls on the entire organisation, including the traditional security or loss prevention executives, to band together to combat these threats.

One of the biggest challenges cyberattacks pose is timing. Cyberattacks can often go undetected for weeks, months or even years. Some in the industry refer to this interval as the breach detection gap or dwell time, defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim. To put that into perspective, the most recent Ponemon report on the cost of a data breach showed that dwell time for malicious attacks has stretched to an average of 229 days, a long time for bad actors to be lurking around your networks.

Traditional cybersecurity measures

We are familiar with traditional cyber lines of defence against these attacks, such as firewalls and anti-virus software. While these solutions are effective at identifying and potentially stopping known forms of malware and viruses that attack companies every day, they are blind to signatureless and zero-day malicious activity. Unfortunately, this trend shows no sign of letting up, as internal security processes struggle to keep up with increasingly sophisticated and pervasive threats.

Many companies rely on heritage-based services offered by managed security service providers (MSSPs) that use security information and event management (SIEM) software, or intrusion detection systems/intrusion prevention systems (IDS/IPS), to monitor networks for malicious activity on a continuous basis. However, these activities are based on known threats, where a valid signature of the cyberattack or system logs are available and used to analyse activity. The MSSP then provides security alerts to the client and generates reports for compliance purposes. This form of alerting often generates an overwhelming number of notifications, causing what the industry has coined ‘alert fatigue’ and making it hard to weed out what is important from what is not.

Managed detection and response

The Ponemon Institute found that companies spend an average of 21,000 hours each year analysing false negative/false positive alerts while trying to detect and contain cyberattacks. This translates to approximately 17,000 security alerts in a week, of which only 4% were deemed reliable and investigated, and can waste nearly $1.3 million per year on investigating and managing inaccurate data. Given this overwhelming challenge, it is time for organisations to look at improving real-time threat detection and incident response capabilities beyond standard security screening and compliance requirements. In addition to the services provided by an MSSP, it would be wise to add or layer a managed detection and response (MDR) service to your arsenal of cyber defence weapons.

Identifying real threats with MDR services

MDR services use a combination of advanced technology and expert human analysis. To equate MDR services with traditional physical security devices: it is more like having a DVR, where an analyst can go back and replay the incident on the network via packet capture technology. Event logs and signatures by themselves do not provide that visibility and detail. Traditional cyber defences act like a conventional alarm system: the alarm sounds and a notification is sent, but there is no context or detail about the incident, and it is up to the recipient to determine whether the alarm is valid, what exactly happened and what to do about it. With packet capture on the network, an MDR analyst can replay the event, dig deeper into the incident and determine remediation steps. This approach helps quickly identify real threats to the business, provides remediation specifics for timely resolution, and significantly cuts through the false positive noise so security teams can focus on the things that matter.

Efficient incident management

MDR services only notify clients after the incident is verified. The notifications provide granular detail of the scope and severity of an attack, with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, analyse that data to add context to the event, and notify the customer of the incident. With MDR services, clients have direct communication with the security analyst and rely less on a portal for alerting, investigations, case management and workflow activities. Because MDR services rely on advanced tools and human analysis, they are more apt to uncover malicious activity that has breached the first line of defence, and can reduce the time from infection to detection to minutes rather than months.

Combating cybercrime with secure networks

To sum it all up, MSSPs focus on perimeter devices such as firewalls, IDS/IPS and SIEM, and provide device management such as updating firewall rules and anti-virus software, along with compliance reporting. They are typically used to supplement internal IT or security teams. An MDR service concentrates on detecting threats that have already penetrated the perimeter; MDR providers deliver threat notification and remediation guidance. While both solutions provide value to their clients, their basic areas of focus are different. Cybercriminals are becoming more coordinated in their efforts to steal our data, disrupt our operations and damage our brands. It is time that we coordinate our efforts across the entire organisation to combat them.
Cybersecurity has become a major element – and a major source of discussion – in the physical security marketplace as a result of the rise in networked systems. And we may still not be talking enough about cybersecurity. Here is part one of our Cybersecurity series.

“Cybersecurity requires everyone in the security industry to be playing offense and defense at the same time, every single day,” says Bill Bozeman, President and CEO of PSA Security Network. “It needs to just become part of the standard conversation when we are talking about physical security because they are so intertwined.”

Creating new industry leaders

Cybersecurity and physical security can be seen as two parts of a single entity, and increasingly the two will be combined at the enterprise level over the next several years. “This convergence of physical security and cybersecurity will create new industry leaders that will emerge to lead a new segment of the combined market through strong investment and leadership,” says Rob Lydic of ISONAS, now part of Allegion.

Cybersecurity issues dominate almost every discussion in today’s physical security industry, and the clear message is that “manufacturers and integrators must continue to create robust and scalable cybersecurity offerings to protect customer data and facilities,” says Lydic. He contends that cloud services providers (such as ISONAS) are more cybersecure and reliable ‘by orders of magnitude’ than non-cloud solutions.

Cloud-based services

The Security Industry Association (SIA) has listed cybersecurity as one of 2019’s ‘Top Megatrends’ in the physical security market. SIA says it is important to prioritise cybersecurity among security businesses, for customers’ businesses, and for vendors. The trend calls for continual process improvement and investment. Bill Bozeman of PSA Security Network agrees: “Cybersecurity has definitely taken a strong foothold in the industry.” With the continued expansion of cloud-based services, cybersecurity will be more important than ever to integrators, manufacturers and end users alike, he says. Notably, cybersecurity is directly linked to two other important industry trends listed by Bozeman: cloud-based systems, and the rise in recurring monthly revenue (RMR) and managed security service provider (MSSP) models, whose focus will include cybersecurity.

Loss prevention executives

The days when cybersecurity was exclusively the domain of the information technology (IT) department are gone. “Cybercrime is one of the biggest threats organisations of all sizes and types face today,” says Michael Malone, CEO of ADT Cybersecurity (formerly known as Datashield). “Considering the magnitude of these crimes, it now falls on the entire organisation, including the traditional security or loss prevention executives, to band together to combat these threats.”

Malone favours (and his company offers) a managed detection and response (MDR) service, which combines advanced technology and human analysis. Using packet capture on the network, an MDR analyst can ‘replay’ a cybersecurity event, dig deeper into the incident and determine remediation steps. It is an approach that significantly cuts through false positive ‘noise’ so security teams can focus on what matters.

Helping security officers

Interestingly, cybersecurity is poised to benefit from another major trend in the physical security market: the rise of artificial intelligence. Specifically, machine learning applications for cybersecurity include detecting malicious activity, helping security officers determine what tasks they need to complete in an investigation process, analysing mobile endpoints, decreasing the number of false positive threats, automating repetitive tasks such as interrupting ransomware, and potentially closing some zero-day vulnerabilities. But AI in this case is not a panacea. Christopher McDaniels of Mosaic451 recommends pairing human intellect with machine technology to sort through data faster and catch hackers before they do much damage.

See part two of our Cybersecurity series here.
ADT, a provider of monitored security and interactive home and business automation solutions in the United States and Canada, announced it has teamed with Arrow Electronics to further expand the distribution arm for its ADT Cybersecurity solutions. ADT Cybersecurity was formed in November 2017 with the acquisition of DATASHIELD and is focused on delivering managed detection and response (MDR) services to commercial and enterprise businesses nationwide. Arrow Electronics is a global provider of products, services and solutions to industrial and commercial users of electronic components and enterprise computing solutions.

Cybercrime prevention

“This agreement with Arrow Electronics greatly expands our ability to serve the fast growing MDR market through their thousands of security resellers,” said Michael Malone, Senior Vice President, ADT Cybersecurity. “As cybercrime continues to grow, the need for managed detection and response solutions is expanding, and in turn, we’re growing our distribution channels to be well positioned to serve the market.” Global statistics from the most recent Ponemon report on the cost of a data breach show that dwell time for malicious attacks has stretched to an average of 229 days from the day of the attack to discovery.

Simplifying threat detection

ADT Cybersecurity solutions include 24/7/365 network monitoring, active hunting, and deep forensic analysis using cyber threat intelligence and real-time threat detection. This allows end users to focus on validated threats, reducing the complexity of traditional threat detection by coupling technology with human-based intelligence and internal processes. ADT Cybersecurity’s SHIELDVISION technology applies cyber threat intelligence to packet-level data. This gives expert analysts the ability to identify compromises that are often missed by other technologies. SHIELDVISION can help close the gap between the detection of a successful breach and its remediation.
ADT, a provider of security and automation solutions for homes and businesses in North America, announced the close of its acquisition of DATASHIELD, one of the country’s fastest growing cybersecurity companies. Now operating under the brand ADT Cybersecurity, the service is uniquely positioned to provide Enterprise and Mid-Market businesses with Managed Detection and Response (MDR) services to combat advanced cyberthreats in real time. DATASHIELD CEO Michael Malone will join the ADT team as Senior Vice President, ADT Cybersecurity, reporting directly to Timothy J. Whall, CEO, ADT.

The security gap is widening as advanced threats continue to bypass the first line of defence, and many organisations are struggling to deploy, manage and use an effective combination of expertise and tools to detect advanced cyberthreats. Mid-Market and Enterprise organisations are increasingly finding the need for 24x7 managed and monitored cyber solutions to help detect and respond to cyberattacks. It is estimated that by 2020, approximately 20 percent of Mid-Market and Enterprise organisations will be using MDR services such as ADT Cybersecurity, up from less than 1 percent in 2016.

SHIELDVision cyber intelligence solution

DATASHIELD, now ADT Cybersecurity, is the only MDR provider to offer full packet capture and inspection beyond headers and metadata behind the firewall. ADT Commercial and National Account customers who look to add ADT Cybersecurity services will also have access to SHIELDVision, a unified platform for organising, managing and collecting cyber intelligence. SHIELDVision automates security analyst workflows to close the gap between cyberattack, breach detection and remediation for customers.

Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. This year could set another record for the number and severity of data breaches after record years in 2015 and 2016. The median time from compromise to discovery is a staggering 80 days, with the average data breach costing organisations $3.62 million.

Physical and digital security solution

“Our goal is to provide ADT customers with the most comprehensive security solution to protect their business, and in today’s world, this not only means their physical premises, but also their network,” said ADT’s Whall. “For more than 143 years, ADT has been monitoring physical properties, and DATASHIELD will now allow us to extend that same level of security monitoring to the digital world. Michael and his team will infuse cybersecurity DNA into our core business, allowing us to provide an offering that will distinguish our brand as the premier resource for end-to-end security.”

“The standard approach to cybersecurity was not designed to provide rapid response,” said Michael Malone, CEO, DATASHIELD. “This is a landmark opportunity to combine the brand and reach of ADT with the technology and innovation of DATASHIELD to establish the new standard in the most comprehensive digital protection for Mid-Market and Enterprise businesses.”

Advanced Security Operations Center

Headquartered in Scottsdale, AZ, DATASHIELD was founded in 2009 and has quickly become the leader in Managed Detection and Response for the Mid-Market and Enterprise. In September, DATASHIELD opened its state-of-the-art Advanced Security Operations Center (ASOC), increasing customer capacity by 300 percent. ADT Cybersecurity services are available for Commercial and National Account customers effective immediately. Momentum Partners acted as exclusive financial advisor to DATASHIELD and is serving as ADT’s strategic cybersecurity advisor.