How to Assess the Risk of Not Investing in Cybersecurity?By Andrea Villar | Fri, 11/06/2020 - 05:00
Q: What is FireEye's added value in the increasingly competitive cybersecurity industry?
A: A great differentiator is all the consultants we have worldwide. When there is a security breach or a large incident, most companies call FireEye. We have a unique level of knowledge regarding techniques, tactics and procedures of cybercrime groups. We have real-time information that other companies simply do not have and we can use that not only in our solutions but in our other services.
Beyond that, we have an intelligence area with more than 200 analysts worldwide who are constantly studying the activity of these groups. In fact, in several FBI investigations, they already use the names we assign to the Advanced Persistent Threat Groups (APT). We analyze their tactics, techniques and procedures and our clients can benefit from that. For example, at the beginning of 2020, the US launched a cyberattack against Iran, which was immediately followed by a threat against American companies. The benefit for our clients is that they already had our intelligence and knowledge and had the ability to protect themselves from those attacks.
Q: How does FireEye assess companies’ readiness to ward off an attack and how does it implement its solutions afterward?
A: There are two ways in which we can make a validation. Our own consultants can perform tests against the company environment and also through a Red Team, Blue Team or Purple Team scheme using the FireEye’s Mandiant Security Validation tool, which replicates real attacks using the techniques and procedures of cybercriminals.
It is not just a matter of breaking in but of replicating the entire attack process in any area of the company, whether the cloud or the e-mail service. When we finish the attack, the client not only knows if he is vulnerable or not but what the risk areas are and a roadmap to address these. This is not merely a question of implementing various security schemes and solutions and assuming that companies are going to be protected. Clients can really verify this with our solutions, which is important for board directors and all security professionals who have to constantly demonstrate to their bosses that decisions and investment are backed up.
In the US, for example, a public sector client contracted a cybersecurity solution through a tender but called us to validate the tool. It turns out that the level of effectiveness of these firewalls was initially less than 30 percent. This was not because the solution was not good but because of the configuration, which we helped to optimize until the effectiveness level rose to 75 percent.
Likewise, due to the pandemic, companies are under more pressure than ever to optimize their costs and validation can simplify this. The average enterprise today has 30, 50 or even 100 different security solutions in its network and that means there is an overlap of solutions. However, sometimes it is difficult to know which solutions to remove. Through validation, companies can picture different scenarios and ensure that the decisions they are making to optimize costs are correct. If companies can confirm that they are exposed to some kind of cyberattack, they can also visualize what is at risk and what they can lose.
Q: How do you raise awareness among companies regarding cybersecurity?
A: The gap in awareness between companies in the US and Latin America is large. Obviously, there are several companies and government entities that have a budget allocated to cybersecurity and appreciate it. But unfortunately, in most cases, budgets are not as large and the level of awareness is not as high. Although the security manager in a company may know that they have to invest more, they do not have the budget. By having to comply with certain regulations, companies buy the best possible cost-benefit solution in the market but this does not mean that they are really protected. The proof of that is in the attacks, which are on the rise.
Q: How does FireEye adapt to different company budgets?
A: Today, there are solutions for companies of all sizes and they can be good enough. However, in Latin America, it is quite common to have market research and strong negotiations and even reverse auctions when hiring a cybersecurity solution. This is also a barrier. I do not think there is a job in the world where more stress is generated than in the IT department. They live a nightmare almost every day and are aware of the risks, while executives only see the money they are spending and always expect a return on investment. If they do not really understand how vulnerable they are and what they have to do, they will always limit their budget because their responsibility is to accelerate the company's growth. But without a solid cybersecurity strategy, everything can be lost overnight. It is only when companies are under attack that the budget for this area increases.
FireEye is among the leaders in cybersecurity. In addition to offering technological tools to stop cyberattacks, the company has a team of analysts on the front line to detect and study cybercriminal groups