CS - Cyber Security Market Trends 2022


CYBER SECURITY

A guide to the technologies and trends shaping the market

Employee retention through automation

Using XDR solutions to combat fatigue and attract talent

The COVID-19 coronavirus pandemic brought working remotely to a level never before seen in the modern world. While there have been many advantages that have come with remote and hybrid work opportunities, the number of cybersecurity threats has also spiked during this time, and it is generating substantial fatigue and burnout in SOC experts.

“With the move to hybrid work, we’re seeing many more devices, many more threat vectors, and we really have seen just an explosion in alerts and alert fatigue,” says Kevin Magee, chief security officer at Microsoft Canada. “It’s taking its toll on the workforce, which already has potentially millions of jobs opening. We can’t train and onboard, and we can’t get folks up to speed quick enough to keep ahead of these. So, businesses and organizations turning more to automation to combat this is really the only way we can start to really bridge this gap.”

One way many companies are combatting increased cybersecurity threats and managing the massive waves of alerts is through XDR (extended detection and response) solutions, which equip SOC professionals with intelligent, automated responses.

“The average security organization can have 60 or 65 tools, all of which are really point solutions, and everyone’s watching their own point solutions,” he says. “But attacks don’t work in just one vector or one solution, they cross them. So, these silos are great blind spots attackers can take advantage of and move laterally through their attacks, which can then slow down the overall response. XDR is really meant to resolve that issue. To make all of these point solutions talk to each other and create context, so the defender can respond either automatically or much quicker.”

By relying on automated solutions like XDR to manage simpler tasks, companies can also make cybersecurity roles more attractive to their current and future employees.

“I do worry if we don’t get ahead of some of these problems by using smart technologies that we’ll start to turn people away, and they won’t want to go into cybersecurity. They’re going to want fulfilling careers. They’re going to want to work on things that really matter, rather than going through logs and alerts. So, this is not only really important from threat posture, or sort of ‘a keeping up with the bad guys’ approach, but also to talent retainment and talent attraction,” Magee says. “I believe the most talented people you want to hire will start to gravitate towards organizations that deploy these tools, that are interested in making these tools available for the individual to work with when they do join the organization, and it will be a retention strategy as well. People are going to want to work in well-equipped SOCs where they can make a difference.”

XDR solutions aren’t just for large companies with teams of cybersecurity experts. Microsoft Canada provides solutions for small businesses as well.

“Asking your dentist to stand up a SOC and run a SIEM and manage cybersecurity for a small office of 20 or 30 people is just not possible,” Magee says. “Technologies like XDR that can be deployed for small businesses are a great opportunity for them to prevent a large portion of the attacks that are coming their way from the onset, and then, perhaps, they outsource or they hire one of our partners to work with them on some of the more complex challenges or any breaches that would occur. Even a small incremental increase in your ability to fight ransomware, to fight some of these phishing and business email compromises can be the difference between whether businesses stay open or not.”

To learn more about the advantages of SIEM and XDR, visit: https://www.microsoft.com/en-ca/security/business/threat-protection.

Kevin Magee, Chief Security Officer for Microsoft Canada

October

make sure that it’s not, in fact, relevant. Having those tools is really imperative to be able to get through that information.”

Steering through the data universe

One such tool comes from digital threat intelligence company, Halifax-based Liferaft.

Navigator is a platform powered by Liferaft. The company’s manager of market strategy, Neil Spencer, describes it as a system that is designed to make the analyst’s life easier in the old needle in the haystack scenario.

“It’s multifaceted. It is one big collection and aggregation of that data, so you need the machines to go and find the right content,” says Spencer.

Navigator has machine learning and AI built into it. Its functionality allows users to pick and choose the information that is most pertinent to their investigations, and some of this is done using keyword terms. Once the platform sees that specified information come through, it will elevate that content of interest for the user.

As Spencer explains, the human is there to validate the information brought before them. At this stage, the security professional would assess the information before highlighting the findings to stakeholders within the organization. This could be done through a report or mass communication, if time is of the essence.

One of the greatest changes in OSINT is the availability of open source data that could become intelligence. Five years ago, people in the field only had what he called a “smattering” of sources centred around social media like Reddit, Facebook and Twitter.

“Now, there is a much more broad array of areas that contain information that can identify threats,” said Spencer.

Since the digital era has been plagued by misinformation, validation of the data collected is a process that requires yet another set of skills.

As security veteran Bob Riddell explains, analysts cannot take any of the information they find at face value.

OSINT and misinformation

Riddell, whose security career spans more than 30 years in financial institutions and property management, said security analysts leveraging OSINT need to grow their analytical abilities to counter the rising tide of erroneous data online.

“Despite being so plentiful, social media already heavily integrates misinformation,” he says. “Not only do they get the information, but you have to go through a process of discerning as to what is fact versus fiction. There’s a lot of sophisticated analysis that has to be done.”

Riddell has contributed to the security industry in multiple capacities, including as the founding chair of the Building Owners & Managers Association Toronto - Security Risk Management Advisory Council. Riddell established his own advisory practice, Riddell Risk Management, in 2020 and is also the director of Consilium Public Sector Services.

Throughout his career, Riddell used OSINT to identify threats in the form of potentially violent protests where protection of private property was concerned. In the area of finance, OSINT became a security tool to identify potential scams.

“The overarching rule for any analysts moving forward, when they’re reviewing information, is they’ve got to be cautious in their assessments of the data and take steps necessary to cross verify against other sources, so they can make sure of the veracity of that information,” says Riddell, adding that this is of even greater importance if they’re going to be distributing their findings or making recommendations based on their research.

Despite the security challenges that inevitably arise as technology advances, it should be noted that the expansion of OSINT has also meant opportunities for growth.

The development of Edmonton-based AI and big data company Samdesk is almost a direct correlation of this expansion in open source information.

The earliest signs of a threat

Samdesk founder and CEO James Neufeld describes the green stages of his career in newsrooms, when he held a technical, behind-the-scenes role, assisting journalists with breaking news by scouring social media for the first signs of an event.

In the years that followed, Neufeld would build a company similar to that role, however, his company would use AI to monitor data at the global level and help identify the earliest signs of a threat to different stakeholders. Currently, Samdesk’s portfolio includes corporate clients, NGOs and public sector organizations, among others.

The company’s sources have expanded to include reports from community-based journalism, satellite imagery, audio sensors, live streaming data, textuals and footage uploaded from the mobile devices of bystanders.

Neufeld says the goal of Samdesk is to give its users the most robust and raw data from multiple angles so that they have the richest possible view of events as they transpire on the ground.

“We’re now in a unique position from an information and situational awareness standpoint that we’ve never really had in human history, where everything is being documented from numerous angles in near real-time, or often in real-time,” says Neufeld.

Of late, the company has integrated its technology with travel management tools to provide travel managers and security managers with alerts. Samdesk has also integrated with enterprise resource planning software to assist companies with their supply chain management.

For Neufeld, human intelligence is not only a critical component in the analytical stage but also in the actual building of the platforms. Neufeld explains that data scientists and engineers are responsible for the creation of systems that can identify items of significance using AI.

Currently, Samdesk is also using its platform to collect data on events in Ukraine to supply Amnesty International’s investigations and documentation of the conflict for human rights abuses.

“It becomes a really powerful data set where we don’t have to rely on official government bodies as much as we once did. We don’t have to rely on the assessments of individual analysts and their view of the world.” CS

COMMISSIONAIRES

CYBERSECURITY

CANADA'S PREMIER SECURITY SERVICES PROVIDER

Discover how our experienced Commissionaires du Québec team can become your armour in the face of cyber threats. Our cybersecurity services and arsenal of solutions include monitoring, defence, investigation and training tools based on the most recent advances in cybersecurity.

Specialized in defensive security (blue team), our team can monitor your network, servers, websites, endpoints, clouds, industrial control systems as well as your smart devices and Internet of Things (IoT).

Our experts possess various certifications recognized in the cybersecurity sector (CySA+, GSEC, CEH) and have worked in various vertical markets over the course of their careers. Our IT and data security solutions are world class and adapted to this ever-changing sector.

VULNERABILITY ASSESSMENT

Discover the potential holes in your website or your IT park before malicious digital pirates do. Our vulnerability detection application prioritizes potential risk, defending you beforehand.

// Vulnerability scan on a customized frequency basis with Taegis VDR

// Automated discovery of new devices with a network offering visibility on your access doors

// Creation of remediation plans;

// Prioritization of discovered vulnerabilities in relation to their context and severity

// Solution powered by machine learning, artificial intelligence and data science

// Deployment of treatment services on-site, on the cloud or by virtualization

SURVEILLANCE AND INTRUSION DETECTION

With access to our Security Operations Center (SOC), our cybersecurity analysts study the deepest corners of your network to prevent and block digital threats. You are thus protected from losing control of your sensitive information and from cyber attacks via our IT monitoring service.

// Team of analysts specialized in responding to cyber incidents

// Prevention and detection services based on signatures;

// Detection tool and detailed oral response to network security events, IoT or cloud on a unique dashboard

// Escalation process and incident verification (sorting, surveillance, reports)

// Anonymous threat sharing system

CYBERSECURITY AND THREAT ANALYSIS

Protect your employees and resources thanks to our team of cyber investigators. Our data and social network as well as dark web analysis including our automated threat alerts become your digital armour in cyber monitoring.

// Navigation of the dark web and deep web for corporate information or sensitive personal data from open sources (OSINT)

// Detection of data leaks or dumps unique to your organization

// Forensic services and cybersecurity analysis (malicious software) in a controlled and isolated environment (lab)

// Certified private investigators by the Bureau de la sécurité privée (Bureau of Private Security) for infiltration and investigation

// Privileged contact among provincial and federal police forces

CONSULTATION SERVICES, TRAINING AND CONFERENCES

Would you like customized training, are you looking for conference speakers or do you have specific needs that require the utmost discretion? Our cybersecurity solution specialists will know how to create a proposal customized for you.

// Customized training relating to IT security, governance, cyber resilience, and data security (Bill 64 and Bill C-11)

// Workplace conferences concerning the best practices including issues more specific to cybersecurity

// Guidance during cybersecurity audits to obtain certifications (ISO 27001/27002, PCI DSS, NIST)

contact@cccmtl.ca

Security Control Room Productivity

Furniture Makes a Difference

For security professionals around the world, the control room is arguably the most important tool needed to successfully complete the job. A well-built control room is an extension of the operator, providing optimal support through purposeful design and advanced technology.

Comfort, durability, ergonomics, technical features—these are all important considerations that need to be assessed when selecting security control room furniture. Engineering an effective control room takes knowhow and support.

Office Furniture Versus Technical Furniture

When building a control room, it’s important to understand the difference between technical furniture and run-of-the-mill office furniture.

Quality, durability, cable management, easy access, and ergonomics are key differentiators between average office desks and technical furniture.

Quality and Durability: Typical office furniture is used 2,080 hours a year, where control room furniture is used 8,760 hours a year.

Technical furniture is built for durability and is typically found in intensive, operational environments, such as emergency dispatch centers and control rooms, which utilize the workstations 24/7, 365 days a year. This type of furniture must be up to the task; the quality of its surfaces, hardware components and accessories must perform at a level that exceeds the expectations of a typical desk.

When regular office furniture is exposed to atypical use, such as in 24/7 operations, you can expect premature wear and tear, resulting in additional costs.

Cable Management: Traditional office furniture typically only has keyboards, a mouse and monitor cables to house and manage. On the other hand, a continuous workspace has very large cable challenges.

Technical furniture is best suited for housing and managing large quantities of computer, audiovisual, communications or medical equipment and the associated peripherals. Unlike traditional office furniture, technical furniture is equipped with advanced cable management systems. This helps reduce clutter in your control room and makes it easier to access and move equipment.

Easy Access: With so much technology and so many peripherals being packaged into technical furniture, it’s imperative that there is easy access to the cables, plugs, CPUs and monitors that are essential to running the business. This is often overlooked, and without easy access valuable time can be lost trying to add a new piece of technology.

Ergonomics: The most significant difference between office furniture and technical furniture is ergonomics. Traditional office furniture is designed to support users during a typical eight-hour workday. Technical furniture, on the other hand, is built specifically for 24/7 environments and is engineered to support operators in industries where focus and productivity are critical. Proper ergonomics leads to superior situational awareness, allowing operators to keep their mind in the game.

Finding the Right Console

When building or updating a security control room, you must assess room size, number of operators and technical needs (e.g., monitors, table space, etc.). You can start this assessment and your design process by using tools such as Winsted’s free WELS software. WELS is a user-friendly program that lets control room managers quickly design a solution that meets their needs.

Winsted’s new Vue Workstation is easily configurable for all environments and comes in static or height-adjustable options. These configurable workstations offer different widths and connecting cabinets for multi-operator solutions.

The Sightline Console is the ultimate in configurable and modular design and is offered in static or height-adjustable versions, as well as two different console depths. These configurable consoles come with concave and convex corners to create solutions that fit any room size.

Both the Vue Workstation and Sightline Console offer multiple work surface options, cable management, and open or closed design.

Mission critical furniture should be an extension of the human form. The ultimate form of function seamlessly integrating into any workspace is critical. And our mission. Distraction minimization. Focus maximization. At Winsted, ergonomic comfort isn’t just a feature, it’s a requirement. This is mission comfortable. This is productivity by design. Begin the mission at winsted.com
