Protecting Critical Space Assets from Cyber Threats

Andres Andreu, CISO at 2U, Inc.


1. What are some of the major challenges and trends that have been impacting the Cybersecurity space lately?

Top of mind in terms of Cybersecurity challenges are the following:

Pace and Sophistication - The pace at which nefarious entities, or threat actors (groups, individuals, nation states, etc.) are moving is both impressive (as a technologist) and concerning (as a defender). This challenge is compounded by the sophistication of the nefarious work and/or campaigns. The techniques being employed these days, such as fileless malware, are very sophisticated and difficult to detect.

Lack of awareness - The weakest link in the defending chain is still the human. Given that there will always exist a lack of awareness within the human population that is not focused on Cybersecurity, Cyber crime will exist. Defenders are generally operating from a point of disadvantage in this regard and some businesses push back when awareness campaigns get aggressive. Users have jobs to do, and given the last few years, are somewhat burned out; so becoming security conscious sometimes takes a back seat.

Ransomware preparedness - This is really a game of Cyber whack-a-mole. Defenders are constantly reacting to the tactics, techniques and procedures (TTP) that attackers design, build and utilize. This is especially so in reference to Phishing, Vishing and Smishing and those all are major roads that lead to possible ransomware events. But this is a reactive space and no matter how proactive you try to be it feels like the attackers always have an advantage.

Attack Surface Management - Understanding one's attack surface is critical. Given budget limitations, it is this intelligence that points a direct line to the areas where one's protective dollars need to go. The challenge is that there is a certain level of elusivity to modern-day attack surfaces. Ephemeral cloud instances, home network extensions of the corporate network, and build/pipeline as code are just a few of the elements that make for a continuously changing attack surface landscape.

Possible Regulatory changes - Government entities, such as the U.S. Securities and Exchange Commission (SEC), are getting more involved with corporate matters. They are pushing for stringent reporting requirements. For those organizations that must adhere to these rules there may be some upcoming challenges in order to meet the new requirements.

2. What keeps you up at night when it comes to some of the major predicaments in the Cybersecurity space?

The combination of four ingredients keeps me up at night. If one couples the lack of security awareness that generally exists amongst normal humans (i.e. not Cybersecurity professionals) with the increased rate of nefarious activity we see today, a somewhat bleak picture starts to form. Add to this mix the increased level of sophistication we see coming from the bad actors for the third ingredient.

The last ingredient is the ever-evolving attack surface we are responsible for. If one thinks of our new perimeter-less reality, the challenge of actively protecting a large percentage of our modern-day ecosystems seems daunting. What was once well confined within corporate networks is now extended into multiple cloud provider ecosystems and people's homes. Those four elements come together to form a very concerning state of affairs and this does impact my sleep.

3. Can you tell us about the latest project that you have been working on and what are some of the technological and process elements that you leveraged to make the project successful?

Automation of threat detection and response is a critical space for us. When you have a small team, yet a very wide scope of responsibility, you have to minimize the dependence on the human. Humans just don’t scale. For instance, it is unrealistic to expect an analyst to be able to sift through large volumes of log data on a regular basis. If your ecosystem generates enough log data there have to be automated processes to intelligently make decisions and act on them.


We use commercial Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) products to achieve some of those results. But we also have some homegrown solutions to fill gaps where the commercial players had a void. One longer-term project is the design and build-out of a Secure Software Development Lifecycle (SSDLC). This push of security to the left, with elements such as secure coding, Static Application Security Testing (SAST) and secure design, is essential to improve our overall security posture. Ultimately, this posture and our security maturity are all about us building the most secure environments for our students to safely learn.

4. Which are some of the technological trends which excite you for the future of the Cybersecurity space?

Artificial intelligence is exciting. Machine learning is exciting. Automation is exciting. But what’s more exciting is looking forward to the day when those truly become viable solution spaces and not just sales/marketing buzzwords. There is industry talk of evidence that the attackers are using some advanced intelligent technology for their work. In order to keep pace the defenders will need to counter with just as much sophistication. Ultimately that Cyber warfare space is exciting all around.

5. How can the budding and evolving companies reach you for suggestions to streamline their business?

Having lived the journey of start-up to successful exit at Bayshore Networks, I am very sensitive to the challenges that entrepreneurs face and am extremely supportive of the journey they are on. Folks can reach out to me on LinkedIn and we can build a rapport from there if it makes sense to do so. Through my involvement with Forgepoint Capital (as part of their Cybersecurity Advisory Council), I get to spend time with Cybersecurity product and company founders and their technical teams. My perspective is beneficial to them because I have been in their position, but I am also versed in the related customer experience given my corporate roles as a consumer of their types of offerings.

I am also very involved with my peers and industry organizations, such as The NY CISO Community (Evanta), Cybersecurity Collaboration Forum and The CISO Society. Evolving cybersecurity companies usually get tough technical, implementation and positioning questions from me. This is all with the intention of adding real world value. Ultimately, I feel I add value by sharing my perspectives and advice, challenging these companies to consider elements they might not have prior to that point.
