OpenText’s Paul Reid on Preventing Next Generation Cyberthreats
Summary
TLDR: In this RSA conference interview, Paul Reid from OpenText discusses the evolution of cybersecurity threats, particularly next-generation threats targeting cloud adoption and supply chains. He emphasizes the importance of understanding information management for effective data protection and introduces OpenText's new product, SideDNA, which offers a holistic approach to cyber resilience by identifying and prioritizing threats within a company's entire digital ecosystem, including supply chains.
Takeaways
- 💡 OpenText is a $6 billion annual revenue company with a strong background in information security management, which gives them a unique perspective in data protection.
- 🔒 They emphasize the importance of understanding what data you have, where it's stored, and its importance, as you can't protect what you don't know you have.
- 🛡️ OpenText's advantage is combining information management with cybersecurity products to provide better data protection and cyber resilience.
- 🌐 The company discusses 'Next Generation threats' which include attacks on cloud services, supply chains, and federated identities, as these are becoming more targeted by threat actors.
- 🕵️ Threat actors are conducting more reconnaissance and open-source intelligence gathering to understand their targets better before launching attacks.
- 🔑 Centralized federated identity systems, while easier to manage, are seen as single points of access by threat actors, increasing the risk of a breach.
- 👀 OpenText advises companies to look beyond their borders and understand the global adversary signals to gain visibility into current threats.
- 📊 Adversary signal threat intelligence is highlighted as a way to provide specific, actionable insights into the threats targeting a company, rather than general information.
- 🛑 The interview stresses the importance of endpoint protection, patching, and prioritizing security measures based on the specific threats identified.
- 🌟 OpenText's product offerings cater to businesses of all sizes, from small to large enterprises, with a range of products for endpoint protection, web gateways, and advanced threat intelligence.
- 🔮 Looking to the future, OpenText predicts that generative AI will play a significant role in enhancing the effectiveness of phishing and spear-phishing attacks, increasing the volume of threats.
- 🔄 The focus on supply chains as a new frontier for cyber threats is highlighted, with the potential for adversaries to target smaller businesses within a larger company's supply chain.
Q & A
What is OpenText's core business and how does it serve its clients?
- OpenText is a $6 billion a year revenue company with a historical background in information security management. It serves its clients by leveraging its unique perspective in information management to understand where data is kept, how it is accessed, and its importance, which is crucial for effective data protection.
How does OpenText's background in information management give it an advantage in cybersecurity?
- OpenText's background in information management allows it to understand the data landscape of its clients, including where data is stored and its importance. This understanding is critical for protecting data effectively, as knowing what you have is the first step in being able to protect it.
What are Next Generation threats in the context of cybersecurity?
- Next Generation threats refer to the evolving strategies and tactics used by threat actors as companies move to the cloud, leverage supply chains, and adopt federated identity. These threats are more coordinated, involve more reconnaissance, and target new areas such as supply chains and centralized identity systems.
How do threat actors compromise a company's supply chain to influence business operations?
- Threat actors can compromise a company's supply chain by indirectly influencing its ability to do business or conduct operations. If they can compromise a supplier, they can potentially disrupt the supply chain and affect the company's operations.
What is the significance of centralized Federated Identity in the context of Next Generation threats?
- Centralized Federated Identity, while easier to manage, presents a single point of access for threat actors. Compromising this identity can give attackers access to all systems and data that rely on it, making it a prime target for Next Generation threats.
What advice does Paul Reid give to companies to protect themselves against cyber attacks?
- Paul Reid suggests that companies should focus on understanding global adversary signals, which involves knowing what adversaries are doing and how they are attacking. He also emphasizes the importance of looking beyond traditional borders and working with companies like OpenText to define a 'covered space' that includes all aspects of a company's digital presence.
What is the concept of 'adversary signal threat intelligence' and how does it differ from traditional threat intelligence?
- Adversary signal threat intelligence is a more specific form of threat intelligence that tells organizations what is happening to them in real-time, rather than just providing general information about what adversaries are doing. It focuses on the attacks targeting the organization specifically, rather than a broader overview.
How can companies prioritize their patching efforts in the face of numerous threats?
- With the help of tools like OpenText's SID, companies can identify which adversaries are targeting them and the tools and techniques they are using. This information allows companies to prioritize their patching efforts to address the most immediate threats first.
What is the role of OpenText's product, SID, in helping companies understand and manage their cyber threats?
- SID (Security Intelligence and Detection) helps companies by providing visibility into the incoming and outgoing adversary signals across their entire digital presence, including cloud and supply chain. This visibility allows companies to understand what threats are taking place and to better manage their own security.
What are some of the key features of OpenText's product offerings for clients?
- OpenText offers a range of products that cater to businesses of all sizes, from small and medium businesses to large enterprises. These products include endpoint protection, web and email security, web gateways and firewalls, and advanced threat intelligence and detection capabilities.
What does Paul Reid predict for the future of cybersecurity in the next 2 to 4 years?
- Paul Reid foresees an increase in coordination among threat actors, more sophisticated attacks, and a focus on softer targets like supply chains. He also highlights the importance of fundamental cybersecurity practices such as patching, credential management, and encryption, as well as the growing impact of generative AI on cyber threats.
Outlines
🛡️ Cybersecurity Threats and OpenText's Solutions
James Maguire interviews Paul Reid, the Global Head of Threat Intelligence at OpenText, at the RSA conference. Paul explains that OpenText, a $6 billion annual revenue company, has a unique background in information security management, which helps in understanding the importance of data management and protection. OpenText's advantage lies in combining information management with cybersecurity products to offer clients better cyber resilience. The discussion highlights next-generation threats, which are more coordinated and focused on holistic business operations, including supply chain compromises and federated identity vulnerabilities. Paul emphasizes the importance of understanding and protecting against these evolving threats by leveraging OpenText's cybersecurity solutions.
🔍 Adversary Signal Threat Intelligence and OpenText's Product Offerings
The conversation delves into how companies can protect themselves against cyber attacks, focusing on the importance of endpoint protection, global adversary signals, and threat intelligence. Paul Reid discusses OpenText's approach to providing specific threat intelligence tailored to a company's needs, rather than general information. He introduces the concept of 'adversary signal threat intelligence', which offers visibility into current attacks against a company. OpenText's product offerings are explored, ranging from endpoint protection to advanced threat detection with products like BrightCloud, NetIQ, Fortify on Demand, and the newly announced Side DNA. The future of cybersecurity is also discussed, with a focus on the increasing role of generative AI in attacks, the importance of patching, credential management, and the potential vulnerabilities within supply chains. Paul suggests that while perfect cybersecurity may never be achieved, fundamental practices can significantly increase an organization's resilience against threats.
Keywords
💡Cybersecurity Threats
💡Information Management
💡Cloud
💡Supply Chain
💡Federated Identity
💡Threat Intelligence
💡Endpoint
💡Patch Management
💡Cyber Resilience
💡Generative AI
💡Covered Space
Highlights
OpenText is a $6 billion revenue company with a background in information security management, providing a unique perspective on data protection.
Combining information management with cybersecurity products gives OpenText an advantage in offering better cyber resilience.
Next Generation threats involve more coordinated attacks, focusing on supply chains and leveraging Federated identity as a single point of access.
Threat actors are conducting extensive reconnaissance and open source intelligence to understand their targets better.
Adversary signal threat intelligence provides real-time information on specific adversaries attacking a company, enhancing visibility and response.
Companies need to extend their cybersecurity beyond corporate borders, encompassing all their presences, including content delivery networks and hyperscalers.
Side DNA helps define a covered space to monitor incoming and outgoing adversary signals, offering a comprehensive view of the threat landscape.
Distributed architecture, like the cloud and home-based systems, creates more attack points for adversaries.
With Side DNA, companies can prioritize patching based on specific adversary tools and techniques targeting them.
OpenText offers products for small to large enterprises, including endpoint protection, web gateways, firewalls, and threat intelligence solutions.
Generative AI is making phishing and spear-phishing attacks more effective and increasing the volume of such attacks.
Coordination between threat actors is increasing, and they share a lot of information to enhance their attacks.
Supply chains are becoming a significant target for adversaries, as smaller suppliers often lack robust cybersecurity resources.
Side DNA extends cyber protection to an enterprise's supply chain, improving overall cybersecurity posture.
Visibility into threats and using advanced threat intelligence is vital for enhancing cybersecurity.
Fundamental practices like patching, credential management, and encryption are essential for robust cybersecurity.
Transcripts
hi I'm James Maguire here at the RSA
conference with Paul Reid Global head of
threat intelligence at OpenText Paul
thanks for talking with us today thanks
for having us today all right so I
want to talk about some of the key
cybersecurity threats the companies are
facing but first please tell us what
OpenText does and how does OpenText serve
its clients so OpenText is a $6 billion a
year Revenue company we have a
historical background in information
security management and that really
makes us a unique company that
perspective understanding Information
Management on where you keep your data
how you access your data store your data
the importance of the data if you don't
know what you have you can't protect it
so I think for us the advantage we have
over other companies is that information
management background you put on top of
that our cyber security products now we
know where your data is the importance
of it we can help you protect it better
we're going to give you better cyber
resilience by combining those two
together into a single offering to you
and as a company we can give better
coverage than you get everywhere else so
you talk about something called Next
Generation threats what do you refer to
when you when you refer to Next
Generation threats so as we've seen
companies move to the cloud uh leverage
Supply chains more look at Federated
identity the threat actors have paid
attention to that so they're really
thinking about it more holistically on
how can we focus on you and the type of
business you do the type of things you
use in your business against you so for
example if I can compromise your supply
chain then I can indirectly influence
your ability to do business or conduct
operations or whatever it is right and
the type of threats they're using are
very different than what we saw before
they're a lot more coordinated they're
spending more time doing reconnaissance
they're spending more time doing open
source Intelligence on you to understand
again who you're using so for example a
lot of companies have done a really good
job managing their identities right we
had identity sprawl for a long time but
now we've got centralized Federated
identity that's been really great right
easier to manage all those good type of
things but at the same time for threat
actors they look at that as a single
point of access now right so now if I
want access to your information in a CRM
or in some other system I don't have to
go compromise three or four different
locations if I can compromise your
Federated ID then I have access to
everything so we're really seeing the
threat actors focusing on that focusing
their attacks on that and it's a really
different way of thinking about cyber
security I think the question that
companies are really struggling with is
how do we protect ourselves against the
cyber attacks what advice would you give
to companies so I think one of the
things we've done a great job on
especially most recently is we always
recognize the importance of the endpoint
right the the laptops the desktops the
servers because that's where the
attackers want to get to we've done a
wonderful job with EDR and other
products like our webw products zix um
and be able to protect that what we're
seeing now with these next generational
threats is we need to sort of looking at
Global adversary signals we need to
understand what our adversaries are
doing in terms of attacks against you so
we're looking at the concept of
adversary signal threat intelligence a
little bit different than traditional
threat intelligence where traditional
threat intelligence says here what the
adversaries are doing here's the type of
TTPs they're using here's where they're
operating those here the verticals are
focusing on so as an organization it's
really good general information for me
to know but it's not specific to me with
our adversary signal threat intelligence
we tell you this is what's happening to
you now so you don't have to guess am I
being attacked by this adversary or
different one we're saying this is the
adversary that is attacking you today so
when we do that we give you additional
visibility so the big thing is we want
to look beyond our borders right so
again we great job EDR looking inside
now we got to look out and so what we're
asking companies to do is work with us
to define what we call a covered space
a protected area of their company that
encompasses just not their main
corporate but also things like do we
have content in a Content delivery
Network do we have content in a
hyperscaler that's where the attackers
are looking to attack you now they're
going after all your presences just not
your corporate presences so with our new
product side DNA we Define a covered
space that encompasses all that so we
can see the incoming and outgoing
adversary signals so you have a good
idea what's taking place so if I'm
hearing you correctly the fact that
companies have a more of a distributed
architecture like the cloud like the
home base that creates more attack
points it certainly does right um
business has to continue right we really
don't to some extent have control over
our attack surface right we have to
conduct business but it's incumbent upon
us to understand what that looks like so
with side DNA we're looking at those
global adversary signals we there's
other companies that do attack surface
management they do a great job of that
that's not what we do we're actually
looking at the signals that are coming
into and out of your coverage space to
let you know what's happening one of the
things we're hearing from companies one
of the side benefits of that besides
just simply knowing your adversaries
what type of attacks are taking place if
we think about the level of patching a
large Enterprise needs to do every day
every week every month right there's
only so much time money energy and
effort they can put into it with Sid we
can tell you this is the adversary who's
targeting you with these tools and
techniques leveraging these CVEs and
exploits so now as a company I can take
and prioritize that patching over maybe
something else more specific that's
right we're going to help increase your
cyber resiliency all right let's drill
down into the OpenText product offering
what what are the key features of what
OpenText does for clients so we have
products that span all the way from
small medium business Enterprise all the
way up to large Enterprises we have
products that help protect you on your
endpoint with things like web and email
Z we have our BrightCloud product which
is used by a number of OEM vendors for
web gateways and firewalls and then as
we move up the stack we have things like
NetIQ we have Fortify on Demand and
then of course the products I'm more
actively involved with our arite
intelligence and of course what we're
announcing this week side DNA all right
let's look to the future of cyber
security I mean when you look in your
crystal ball what what do you see
evolving in the next oh two to four
years and and most importantly how can
companies get ready for that now it goes
back to a lot of fundamental things
we've talked about right patching it's
taking care of your credentials it's
really the DNA of our company being an
information management company know your
data know where your data is know the
value of your data where it's stored
what's inside of it and then choose the
right things to protect it with right
you'd like to have a holistic approach
to your cyber security but you got to
know yourself first when we look at
where cyber threats are going obviously
generative AI it's having a big impact
on that and actually in our recent
threat report let just come out we talk
about how generative AI is being used to
make phishing and spear phishing much more
effective right the volume that they can
generate on that is significantly higher
we saw that this year we saw volumes go
up you know uh we we quarantined 7.7
billion emails last year we see 700,000
unknown files a day we're going to see
more and more attacks I think what we're
going to see is more coordination
between threat actors they work really
well together they share a lot of
information together and it's only going
to increase right as we move to the
cloud and we see that we get better at
protecting ourselves there the threat
actors are really going to look for a
softer side and today that's our supply
chains so they're really going after
them we've done a number of what we call
situational reports with our side DNA
product for customers where we showed
them that they've done a really good job
protecting themselves the adversaries
are not able to Target them effectively
but yet when we expand to their supply
chain and we look at their suppliers we
see that that's where the adversaries
are focusing right I may be a billion
dollar company but I may depend upon a
supply chain of small medium businesses
of 50 less people they're not have the
same cyber resources as I do right but
the side DNA product actually allows that
Enterprise to extend that cyber
protection to their to their supply
chain and help them understand the
threats they're seeing and then in turn
better manage their own threats that are
coming into their organization and be
able to protect themselves right if I
can compromise one of your suppliers I
you may have a trust relationship with
them already you may just naturally
accept their traffic through emails sure
and I may never know as the sewer of
that that you've been compromised when
we put the side DNA covered space over
that I then get visibility that you know
what maybe there was an attack by a
threat actor who's going to leverage an
email exploit against me so visibility
is going to be key and adversary signal threat
intelligence is going to be absolutely
vital for that I wonder if we ever get
to a point in the future say five years
from now wherever where you know it's
really we are quote unquote done with
cyber security it's really solved the
fort is in place we don't need to worry
about it so much will that day ever
arrive is that you're optimistic so I
think that as long as we have
adversaries and the adversaries want to
harm us we're never going to get to that
perfect point I think we can make it a
lot harder for our adversaries by doing
some fundamental things right patch
separation of Duty credential management
all the fundamental things we've talked
about encryption at rest encryption in
motion things like that but to get
yourself the visibility you need to see
those threats coming use things like
adversary signal or