Outlook 2021: The New Year Will Bring Increased Sophistication of Attackers
Ray Kafity, the Vice President for the Middle East, Turkey, and Africa (META) at Attivo Networks, speaks about the opportunities in 2021
How was 2020 for the industry and your company?
There’s no denying that the pandemic caused unexpected and rapid change on all fronts. With virtually no warning, organisations globally had to shift most of their staff into a “work-from-home” mode. (98% of employees resorted to work-from-home mode after Covid 19 versus 4% of employees pre-Covid-19) Meanwhile, IT teams had to quickly put in the infrastructure to allow remote access to core applications and data stores. For Attivo, 2020 was an exciting year since it came with its fair share of opportunities and challenges for which its technology could be applied.
Despite the challenges associated with COVID, Attivo was pleased that IDG highlighted deception technology as a Pandemic Technology winner based on its ability to solve complex issues related to ransomware and remote worker site security. Their survey of over 500 security professionals cited that 1/3 of their respondents were researching deception technology to close detection and data protection gaps.
What sort of opportunities did 2020 bring along?
On the security front, CISOs and their teams wrestled with the best ways to provide secure links for a dispersed workforce while maintaining adequate protection against cyberattacks. In turn, we had a busy year, working toward extending our ThreatDefend detection and response platform as an on-premise solution as well as a cloud service offering. With this solution, organizations can add a proactive defense capability with advanced cyber threat detection and protection features and enhancements across traditional data centers and within popular public/private cloud platforms.
Additionally, with the increased targeting of healthcare organizations, Attivo released innovations that made it possible to conceal the date and file systems from attackers as well as the ability to deny attacker access, which made it exceptionally difficult for an attacker to steal or encrypt data that they cannot see or alter. The ability to also hide Active Directory objects, which are used in most ransomware attacks, has also made it extremely difficult for attackers to gain access to the system management systems and gain the privileges they need for their attack. Addressing AD protection and deterring ransomware attacks has created a significant opportunity for Attivo resellers to bring new solutions with immediate ROI to their customers.
Did you face any challenges in 2020?
The major challenge that we faced in 2020 is how to maintain customer engagement and our revenue forecasts in the Middle East, Turkey, and Africa with the Covid 19 Pandemic in full force. Customers decided to conduct their business with solution providers through remote sessions via WebEx, Zoom, and Microsoft Teams, which initially slowed down engagement, but has now become the new normal. As security teams addressed the new strains of remote working, we saw initial delays in project completion and hindrance in new project introductions. Prospects further delayed their procurement buying decisions until they could address fundamental operations and, in some instances, canceled projects altogether.
What were your key achievements in 2020?
One of our key achievements in 2020 was our rapid move to improve the Security Operation Centre (SOC) efficiencies for all clients that utilized our solutions. A report revealed that using cyber deception reduces data breach-related costs by over an amazing 51% as compared to organisations that do not deploy deception technology. These considerable savings were based on faster detection and response, effective incident response, and reduced incident handling complexity.
Another major achievement in 2020 was the release of the MITRE ATT&CK Framework and MITRE SHIELD knowledge base. This provided customers insight into protection gaps and clearly positioned Attivo Networks to be forefront in their active defence tools. With extensive mapping to the MITRE techniques and procedures, customers can easily see and take full advantage of the Attivo Networks ThreatDefend platform for building and deploying active cyber defence solutions.
What promises does 2021 bring along?
2021 will bring increased sophistication of attackers. We will see an increase in attacks on Active Directory as attackers seek to gain domain control. In the case where they are successful, we will see some of the largest disruptions of service and ransomware payment demands that we have seen to date. Organizations that want to avoid falling victim will use frameworks like MITRE ATT&CK to assess their security stack and will use this information to close the detection gaps related to cyber threat actor attacks like unauthorized network discovery, rogue lateral movement, credential theft, and privilege escalation.
Deception technology is designed specifically to detect the theft and misuse of credentials, privilege escalation, reconnaissance, and data collection activities. With 1/3 of the market seeking to adopt deception technology, this will make an attacker’s task exponentially harder as they will have to operate flawlessly without the support of their tools, which are also now being nullified with deception disinformation.
Do you see opportunities in the regional markets with new markets opening up?
Emerging markets such as the Middle East hold great potential if we go by the growth trajectory of cybersecurity spend. Greater focus on digital transformation has led to increased cyberattacks and organisations here will need to update their cybersecurity strategy and infrastructure to cope up with the changes.
According to you, which technologies will be in demand in 2021?
Cyber deception is still quite misunderstood and often mistaken for older honeypot type technology. In 2021, we believe that increased awareness and education will lead to greater adoption of the newer, more modern deception technology. While most organisations will continue to deploy EDR solutions, a mix of EDR & deception solutions will prevent infiltration and lateral movement and at the same time enable faster detection. With this in mind, you will also see the increased partnership between EDR vendors and deception technology providers as these vendors need to add credential and Active Directory protection to their solution mix.
What will be your key focus areas for 2021?
Companies will continue to adjust to a significant proportion of staff working from home during 2021. For the employees returning from the extended break, the CISO needs to be aware that people may bring devices that already have an infection when returning to the office during the year. Reconnecting them to the central networks could provide an opportunity for a cybercriminal to gain access. Our focus would lie in helping such organisations cope with this real threat.
Protecting Active Directory and access to files from ransomware attacks will also be a primary focus in 2021. Data concealment technology is a new innovation, which will have great traction in the new year as organizations realize the data protection benefits of hiding and denying access.
What milestones have you set for 2021?
Our main milestone for 2021 is to align our sales and marketing efforts to address the gradual return of businesses and organizations to the normal way of doing business. Another milestone is to ensure that as we expand the capabilities of the Attivo Network’s ThreatDefend platform that META businesses are quickly educated on the benefits of conditional Access Management and Credentials Security. This will help companies scale their visibility, detection, and zero trust programs, regardless of their current security posture maturity.
What would you like to do differently in 2021, when compared with 2020?
We will prepare for a largely remote workforce. This will include the introduction of more cloud offerings so that companies can be operational without having to have anybody in the office to manage physical deployments. We will also look at online and digital platforms vs face to face events as we expect that at least for the first half of the year that people will prefer to attend webinars, online meetings, or read articles to gather information on security products.
Do you plan to enter new markets or add new products/applications to your portfolio in 2021?
We recently partnered with McAfee to provide advanced real-time in-network threat detection, credential, and Active Directory protection, attack analysis, and improved automated incident response to block and quarantine infected endpoints. We similarly partnered with SentinelOne well to prevent protect Active Directory and disrupt an attacker’s attempts to gather credentials and perform reconnaissance activities that are needed for lateral movement.
Furthermore, our Native and Extensive technical integration partnerships with various Cyber Security vendors make Attivo Networks ThreatDefend solution an easy and compatible solution with the major endpoint, SEIM, network blocking, and orchestration vendors.
