Infosec Teams Must Act and Think Differently to Combat Adversaries

I have been following, with interest, the attacks on the Australian Government. They have led to quite a bit of publicity and debate around who the culprits are behind the cyberattacks. Australian Prime Minister, Scott Morrison, confirmed the attacks were widespread across “all levels of government” including in essential services and businesses.

In July, he announced that $1.35 billion in existing defence funding would be spent over the next decade to boost the cybersecurity capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Additionally, the Federal Government wants to create more than 500 new jobs in its highly secretive cyber intelligence agency. It is part of Australia’s largest-ever investment in cybersecurity. Organisations and governments are under incredible pressure during the outbreak of COVID-19. Many nation-state actors have seen this as a perfect crisis to exploit.

Why Intrinsic Security is so important

Even before COVID-19 hit, there was no doubt that attacks are becoming increasingly sophisticated. Research, through our Global Threat Report series, informed us that the number of cyberattacks, breaches and the sophistication of attacks is higher than ever. Today, increasingly elegant attack platforms and techniques are being shared amongst the criminal community. Unfortunately, the infosec industry is not responding fast enough.

Part of the problem is that too many products and agents deployed across an organisation make security management complex. Security does not need another new product. What it needs is an innovative approach: one that combines visibility into apps, networks, users and devices with advanced threat detection and response to deliver a unique intrinsic security approach.

Users have to defend themselves at home

As a result of COVID-19, we are seeing users having to defend themselves at home. Actions they take to ensure business continuity and resiliency only increase the attack surface. So how do we retrofit security onto that? The simple answer is that we cannot; it needs to be built-in. Back to my earlier point – it needs to be intrinsic.

Earlier in the year, we attended the RSA Conference and unveiled our vision for intrinsic security. It is a safer, more effective form of security built into the fabric of the various infrastructure control points that are vulnerable to attack (endpoint, identity, network, cloud, workload and so on). Here at VMware Carbon Black, we believe that by building security intrinsically into the fabric of the enterprise – across applications, clouds, and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.

In parallel to this, security teams must also work in tandem with the business. We must shift the balance of power from attackers to defenders. Security teams must collaborate with IT teams and remove the complexity that weighs down the current model and the way they work.

The importance of testing

So why has the industry not addressed this problem until now?

Again, we can make further parallels with COVID-19. We did not know how big the problem was because we were not testing enough. Now we can see all the breaches that already exist in our systems. We did not have the right data to measure, meaning much was being missed. We had some anecdotal evidence, but better visibility, better testing, and an intrinsic approach have revealed that our historical take on infosec was incorrect.

This lack of data has given us a false sense of security. As an industry, we rush to build technology platforms. Then we rush to launch them, and we do not rigorously test them. The result is that we find these technologies are fundamentally insecure and flawed, and this needs to change.

Infosec teams need to think and act differently

In tandem with this change in how we build technology, infosec teams need to think and act differently. They need to hunt down threats more proactively, pre-empting the adversary’s next move.

For example, let us look at what we can learn from how a Secret Service agent investigates financial crime or protects dignitaries, and how we can apply this to cyber. As I mentioned, infosec teams must anticipate threats, and they must follow the data, just as an agent follows the individual. Secret Service agents are trained to think differently and to think like the enemy. They react to a threat immediately, because they assume there is more to a threat than the one individual in front of them.

So how do we apply that theory to infosec teams and the modernisation of incident response? Over the last few years, it has become clear that our enemies are emboldened and becoming more aggressive. We must shift our thinking and tactics to begin to turn the tide. I believe it is fundamental that cybersecurity professionals take a page from the annals of a secret service or military agent to understand better how to combat threats. Defenders need to modernise their cybersecurity strategies and their approach to security technology to stay one step ahead of adversaries.

About VMware Carbon Black

VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.

More than 6,000 global customers, including approximately one-third of the Fortune 100, trust VMware Carbon Black to protect their organisations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.
