Gordon Love, VP MEA at Mandiant, spoke with CPI's Nitya Ravi about Mandiant's participation at GISEC 2022 and how XDR and other Mandiant solutions can help mitigate risks for organisations.
How can security operations teams strengthen threat detection, accelerate response capabilities, and simplify investigation?
We clearly believe that security operations is probably one of the most challenging security roles in an organisation. For that team to be effective in identifying, prioritising and responding to threats, it's important for them to have access to quality threat intelligence. Having access to quality threat intelligence means they can identify who the threat actors are that are targeting their organisation, industry or vertical, take the TTPs, that is, the tools, techniques and procedures that these threat actors use, and apply them to security operations, so that the hundreds and thousands of alerts being received on an hourly basis can be consolidated down to the real alerts and threats that are specific to their organisation. So all of this depends on good quality, relevant threat intelligence.
How can Extended Detection and Response (XDR) help shorten organisations' time to respond to threats and improve their security posture?
Organisations with relevant cyber threat intelligence can customise all the internal alerts and events that are coming into the organisation. These typically arrive at the security operations centre or the security function. XDR looks to replace the level one security operations analyst. In other words, how can companies normalise and correlate all the alerts they keep getting and distil that down into the real security incidents that they should be using their resources to defend themselves against? So XDR helps organisations with relevant threat intelligence to perform the level one and level two analyst's job by reducing the number of alerts into critical incidents and helping them take automated response against any adversary or any attack. We have a multivendor XDR which can be integrated across a number of different technologies and platforms. We are vendor agnostic and so can assist organisations in accelerating and automating their defence capabilities through that.
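The two answers above describe the same pipeline from different ends: threat intelligence supplies actor indicators and TTPs, and the XDR layer normalises alerts from several tools, enriches them against that intelligence, and correlates them into a short list of incidents worth an analyst's time. The following is an added example written for this page, not Mandiant's XDR code or any of its data. The two alert formats, the actor name "ACTOR-1", the indicator values and the scoring weights are all constructed assumptions chosen to show the mechanics: alerts that match actor intelligence, or that come from more than one sensor on the same host inside a time window, rise to the top; isolated single-sensor noise sinks.

```python
"""Added example (not Mandiant code): normalise alerts from two constructed
sources, enrich them with constructed threat intelligence, and correlate them
into per-host incidents ordered by priority."""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed threat intelligence for a hypothetical actor "ACTOR-1":
# known C2 address, a file hash, and ATT&CK technique IDs it is assumed to use.
THREAT_INTEL = {
    "ACTOR-1": {
        "ips": {"203.0.113.45"},
        "hashes": {"a1b2c3d4e5f6a7b8"},          # placeholder hash, not a real sample
        "techniques": {"T1059.001", "T1021.001"},
    }
}

@dataclass
class Alert:
    ts: datetime
    host: str
    source: str
    technique: Optional[str]
    indicators: set  # IPs / hashes observed in the alert

def parse_edr(line: str) -> Alert:
    """EDR alerts are assumed to arrive as one JSON object per line."""
    d = json.loads(line)
    hashes = {d["sha256"]} if "sha256" in d else set()
    return Alert(datetime.fromisoformat(d["time"]), d["hostname"], "edr",
                 d.get("technique"), hashes)

def parse_firewall(line: str) -> Alert:
    """Firewall alerts are assumed to arrive as space-separated key=value pairs."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Alert(datetime.fromisoformat(kv["time"]), kv["host"], "firewall",
                 None, {kv["dst"]})

def normalise(edr_lines, fw_lines) -> list:
    """Bring both feeds into the common Alert schema, oldest first."""
    alerts = [parse_edr(l) for l in edr_lines] + [parse_firewall(l) for l in fw_lines]
    return sorted(alerts, key=lambda a: a.ts)

def enrich(alert: Alert) -> set:
    """Return the actors whose intelligence matches this alert's IOCs or technique."""
    hits = set()
    for actor, intel in THREAT_INTEL.items():
        if alert.indicators & (intel["ips"] | intel["hashes"]):
            hits.add(actor)
        if alert.technique in intel["techniques"]:
            hits.add(actor)
    return hits

def _close(host: str, cluster: list) -> dict:
    """Turn a cluster of alerts on one host into a scored incident record."""
    actors = set().union(*(enrich(a) for a in cluster))
    sources = {a.source for a in cluster}
    # Weights are arbitrary assumptions: actor attribution dominates, then
    # corroboration across sensors, then raw alert volume.
    score = 10 * len(actors) + 3 * len(sources) + len(cluster)
    return {"host": host, "alerts": len(cluster), "sources": sorted(sources),
            "actors": sorted(actors), "score": score}

def correlate(alerts: list, window: timedelta = timedelta(minutes=30)) -> list:
    """Group alerts per host; start a new incident when the gap exceeds `window`."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    incidents = []
    for host, host_alerts in by_host.items():
        cluster = []
        for a in host_alerts:
            if cluster and a.ts - cluster[-1].ts > window:
                incidents.append(_close(host, cluster))
                cluster = []
            cluster.append(a)
        if cluster:
            incidents.append(_close(host, cluster))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

# Constructed sample input: six alerts across two hosts and two sensors.
EDR_LINES = [
    '{"time":"2022-03-01T09:00:00","hostname":"ws-17","technique":"T1204"}',
    '{"time":"2022-03-01T10:00:00","hostname":"ws-17","technique":"T1059.001","sha256":"a1b2c3d4e5f6a7b8"}',
    '{"time":"2022-03-01T10:05:00","hostname":"ws-17","technique":"T1021.001"}',
    '{"time":"2022-03-01T14:00:00","hostname":"srv-02","technique":"T1005"}',
]
FW_LINES = [
    "time=2022-03-01T10:07:00 host=ws-17 dst=203.0.113.45 action=deny",
    "time=2022-03-01T14:10:00 host=srv-02 dst=198.51.100.7 action=deny",
]

def run_example() -> list:
    return correlate(normalise(EDR_LINES, FW_LINES))

if __name__ == "__main__":
    for inc in run_example():
        print(inc)
```

Six alerts collapse into three incidents. The ws-17 cluster between 10:00 and 10:07 scores highest because both an EDR technique and a firewall destination match ACTOR-1 and two independent sensors agree; the 09:00 alert on the same host falls outside the 30-minute window and stays a low-scoring singleton. In a real deployment the parsers would be per-product connectors and the intelligence would come from a feed, but the normalise, enrich, correlate order is the part that does the alert reduction the answer refers to.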
How can organisations understand their external and internal risks, and automate and operationalise that understanding effectively and efficiently?
Organisations can look at themselves, identify their internal assets and have a cyber-defence strategy for defending those assets. What we often find is that there are several blind spots. For example, we have users using rogue cloud applications and bringing data into an organisation that the organisation may not be protecting itself against. Secondly, we have third-party vendors and suppliers connecting to that company that also have access into that network. Mandiant offers something called Attack Surface Management, which effectively allows an organisation to view itself through the eyes of the attacker. It encompasses the organisation's rogue deployments, any subsidiary organisations or companies, as well as third-party integrations, and gives the company a clear view of what it needs to protect itself against.
With ransomware attacks on the rise, how is Mandiant helping customers mitigate the same?
Ransomware has now evolved into a multifaceted extortion business. It's no longer just about encryption or asking for a ransom; it's also about threats of public disclosure, brand devaluation and publicly embarrassing organisations. Up until December 2021, we saw ransomware and extortion trends evolve. There were around 92 ransomware data-theft advertisements related to companies in the Middle East, which was around naming and shaming. We continue to monitor it and try to help organisations by offering ransomware readiness assessment services. Our overall mission as an organisation is to help companies defend themselves better and increase their level of preparedness for such instances.