Illusive Blog February 26, 2021

Listen to Your Customers – Insights from Our Recent Customer Advisory Board

By Bob Horn

One of the most enjoyable days in my role as Chief Revenue Officer at Illusive is working with our Customer Advisory Board (CAB) to discuss their most pressing cybersecurity challenges. We are blessed to have a CAB consisting of an amazing collection of industry luminaries and thought leaders from a who’s who of global companies. Unfortunately, our most recent session had to be held virtually for obvious reasons, but that didn’t stop the session from being an engaging and dynamic discussion. At Illusive, one of our key missions is customer satisfaction, not just with our innovative active defense technology, but through customer service that makes us a true partner with the organizations who place their trust in us.

As our customers reviewed the unprecedented and brutal year we just put behind us, I still noticed a sense of optimism among the crowd. A lot of 2020 was spent in survival mode, as we all invented secure work-from-home plans on the fly in the middle of a raging and unpredictable pandemic. Nevertheless, you could sense that our customers finally had more time and space to consider the lessons learned from the previous year’s mad scramble. I saw a few themes come up again and again at the session, and wanted to take some time to share, as I think they will be relevant as organizations of all kinds and sizes seek to apply the security lessons of a year that was truly like no other.

Despite SolarWinds, Targeted Ransomware Remains at the Top of Everyone’s Mind

As we shut the door on 2020, the security gods had one last laugh at our expense – the SolarWinds/Sunburst hack, one of the most sophisticated and wide-ranging attacks in recent cybersecurity history, and one our customers were still getting their heads around. Despite the many recent headlines, it was targeted ransomware that was cited as the number one threat our customers sought to stop. Partly this is because we still don’t really know the true extent of SolarWinds, and we are lucky FireEye was able to discover that something was amiss before the attack could advance undetected any further.

The extent of targeted ransomware’s damage is more clearly defined and remains top of mind in the day-to-day operations of our customers’ security teams. It’s not as if the organizations don’t already have dozens of different security solutions aimed at stopping ransomware; however, the ransomware attackers are getting so sophisticated they are able to move laterally and quietly through an organization without raising an alarm. Speeding detection, reducing dwell time and being able to pluck the true attack in progress from the sea of false positive alerts were consistently cited as essential aspects to containing an attack before a critical mass of devices gets bricked.

Effective Threat Detection Requires Diversifying and Segmenting Tools

At a core level, there’s not much separating the way the SolarWinds attack was carried out from the way ransomware attacks are typically launched. Both leverage slow and low movement under the radar of established security agents to move laterally toward the data they want to compromise. Both succeed very well against traditional prevention and detection tools, in many cases disabling or bypassing them. Both use similar tactics, techniques and procedures – making deterministic detection of both attacks in a way that doesn’t depend on previously observed activity, signatures or anomalies all the more urgent.

To reduce their anxiety about threats that might circumvent a security agent, our customers are taking a multi-layered and diversified approach to attack detection. Security agents on the endpoint remain an important building block, even if they can be evaded by the most sophisticated attackers. Our customers recognize there is no silver bullet; they need to build a defense-in-depth strategy with multiple layers to ensure detection even if another layer is sidestepped. Deterministic threat detection based on attacker interaction with deceptive data plays an important role in our customers’ multi-layered approaches.

The Cloud is the Next Big Attack Surface

Customers were also quite concerned about the risk presented by the evolution of so much infrastructure moving to the cloud. One customer noted that the cloud makes them feel blind; they don’t know what they don’t know when it comes to cloud risk, even as they recognize the financial and productivity gains from moving to the cloud. No security executive wants to say no all the time when an attractive new business case might increase potential risk exposure.

One of the biggest factors driving unease about the cloud is the identity fatigue leading to overprivileging, shadow admins, and other forms of unmonitored credentials that lie dormant on the network. These credentials are created in the course of doing normal business – maybe they were the result of an RDP session that wasn’t properly closed, or perhaps there are discrepancies between different systems with separate means of authentication. It doesn’t really matter how they originated; their presence means an attacker can mask their lateral movement towards crown jewels under the cover of connectivity that is technically legitimate.

This connectivity often falls between the cracks of legacy identity management tools, and since the attackers are using stored credentials, they often pass the filters and policies meant to detect them anyway. Defense-in-depth and diversifying security tools also play a strong role in this scenario; solid cyber hygiene and attack surface management provide an additional layer on top of IAM and PAM to effectively prevent the exploitation of these extraneous credentials and lateral movement pathways.

We were already planning on enhancing our cloud capabilities as one of our 2021 pillars, and the CAB confirmed the market is hungry for simple, yet effective, ways to secure the cloud. Expanded integrations with Microsoft cloud solutions and new deceptions designed for the cloud are just a couple of the cloud security initiatives we plan on launching in the coming year, and our customers confirmed the need for these solutions is only growing.

Gratitude for a Unique and Vibrant Customer Base

We wish we could have been able to host our guests face-to-face with the fanfare they deserve at the CAB. Nevertheless, we feel extremely fortunate to be able to count on the wonderful customers we have, and their input made the CAB an event that continues to inspire us towards making a world where organizations one day will no longer have to worry about cyberattacks interrupting their business. We took detailed notes on everything we heard and have already started to apply the feedback we received from the event into ongoing product development.

Want to see what makes our customers so excited to partner with us? Sign up for a low-touch Attack Risk Assessment to see where your organization can immediately reduce its attack surface without a lot of overhead.

Bob Horn is Chief Revenue Officer at Illusive.