Apr 16, 2021

Enterprise security attackers are one password away from your worst day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cybersecurity industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organizations still use the same technological approaches they did 10 years ago. The world has changed, but cybersecurity hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

The current risks aren’t just technology problems; they’re also problems of people and processes.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cybersecurity industry must rethink its strategy to analyze how credentials are used and stop breaches before they become bigger problems.

It’s all about the credentials

Compromised credentials have long been a primary attack vector, but the problem has only grown worse in the mid-pandemic world. The acceleration of remote work has increased the attack footprint as organizations struggle to secure their network while employees work from unsecured connections. In April 2020, the FBI said that cybersecurity attacks reported to the organization grew by 400% compared to before the pandemic. Just imagine where that number is now in early 2021.

It only takes one compromised account for an attacker to enter Active Directory and create their own credentials. In such an environment, all user accounts should be considered potentially compromised.

Nearly all of the hundreds of breach reports I’ve read have involved compromised credentials. More than 80% of hacking breaches are now enabled by brute force or the use of lost or stolen credentials, according to the 2020 Data Breach Investigations Report. The most effective and commonly used strategy is credential stuffing attacks, where digital adversaries break in, exploit the environment, then move laterally to gain higher-level access.

Feb 01, 2021

Best practices as a service is a key investment theme to watch in 2021

Enterprise IT has been completely transformed by SaaS the past decade. Okta last week published a report that showed that the largest companies now use 175 apps, a doubling over the past few years. More professionals have more tools to do their jobs than ever before. It’s an explosion of creativity and expressiveness and operational latitude — but also a recipe for disaster.

It’s one thing to give people and businesses tools — and something else to train them to use those tools effectively. Worse, as the number and complexity of software has skyrocketed the past decade, it’s only become harder for end users to grapple with offering their customers the best possible experience.

That’s the opportunity for a range of new tools that are designed to guide — sometimes forcefully — people to use the software they have in the best possible way, in what you might dub “best practices as a service.” It’s software that is opinionated on what “best” looks like within its domain, and ensures that as many people follow that model as possible with minimal dissension. It’s simplicity-in-a-box for a complex world.

Let me give some examples from a few major fields of startups in e-commerce, security, web development and finally, in my chosen profession, writing, to illustrate what I mean.

Jul 10, 2018

SolarWinds acquires real-time threat-monitoring service Trusted Metrics

SolarWinds, the company behind tools like Pingdom, Papertrail, Loggly and a number of other IT management tools, today announced it has acquired Trusted Metrics, a company that helps businesses monitor incoming threats to their networks and servers. This move follows SolarWinds’ acquisition of Loggly earlier this year. Among other things, Loggly also provides a number of security tools for enterprises.

Today’s acquisition of Trusted Metrics is clearly part of the company’s strategy to build out its security portfolio, and SolarWinds is actually rolling Trusted Metrics into a new security product called SolarWinds Threat Monitor. Like Trusted Metrics, SolarWinds Threat Monitor helps businesses protect their networks by automatically detecting suspicious activity and malware.

“When we look at the rapidly changing IT security landscape, the proliferation of mass-marketed malware and the non-discriminatory approach of cybercriminals, we believe that real-time threat monitoring and management shouldn’t be a luxury, but an affordable option for everyone,” said SolarWinds CEO Kevin Thompson in today’s announcement. “The acquisition of Trusted Metrics will allow us to offer a new product in the SolarWinds mold—powerful, easy to use, scalable—that is designed to give businesses the ability to more easily protect IT environments and business operations.”

SolarWinds did not disclose the financial details of the transaction. Trusted Metrics was founded in 2010; although it received some seed funding, it never raised any additional funding rounds after that.

Jan 08, 2018

SolarWinds acquires log-monitoring service Loggly

SolarWinds, the company behind services like Pingdom, Papertrail and AppOptics, today announced that it has acquired the cloud-based log-monitoring and analytics service Loggly. The two companies did not disclose the price of the acquisition, but Loggly, which was founded in 2009, had raised about $47 million over the years, including an $11.5 million Series D round in 2016. Investors include…
