I spoke with Paul Reid, Global Head of Threat Intelligence at OpenText, about strategies for thwarting cyberattacks that are highly coordinated and use sophisticated technologies.
The problem with today’s rapid tech innovation, of course, is that hackers also benefit from the advances. “As we’ve seen companies move to the cloud, leverage supply chains more, and look at federated identity, the threat actors have paid attention to that,” Reid said.
These threat actors “are really thinking about it more holistically: how can we focus on you and the type of business you do, the type of things you use in your business?
“For example, if I can compromise your supply chain, then I can indirectly influence your ability to do business or conduct operations. The type of threats they’re using are very different than what we saw before. They’re a lot more coordinated. They’re spending more time doing reconnaissance. They’re spending more time doing open source intelligence on you to understand [what solution] you’re using.”
Interview Highlights: Paul Reid on Navigating Today’s Cyberthreats
This interview took place at the recent RSA Conference in San Francisco. The comments below have been edited for length and clarity.
Improve Cybersecurity by Understanding Global Signals
“One of the things we’ve done a great job on, especially most recently, is we always recognize the importance of the endpoint, the laptops, the desktops, the servers, because that’s where the attackers want to get to.
“What we’re seeing now in these next generation threats is that we need to start looking at global adversary signals. So we’re looking at the concept of adversary signal threat intelligence a little bit differently than traditional threat intelligence. Traditional threat intelligence says here’s what the adversaries are doing, here’s the type of TIPs (threat intelligence platform) they’re using, here’s where they’re operating, here’s the verticals they’re focusing on.”
In contrast, with the OpenText solutions, “we tell you what’s happening to you now. So you don’t have to guess, am I being attacked by this adversary or a different one? We’re saying: this is the adversary that is attacking you today.
“So when we do that, we give you additional visibility. The big thing is that we want to look beyond our borders, right? So again, EDR does a great job at looking inside. Now we’ve got to look out, and so what we’re asking companies to do is work with us to define what we call a covered space, a protected area of their company that encompasses not just their main corporate, but also things like, do we have content in a content delivery network? Do we have content in a hyperscaler? That’s where the attackers are looking to attack you.
“Now they’re going after all your presences, just not your corporate presences. So with our new product, cyDNA, we define a covered space that encompasses all that. So we can see the incoming and outgoing adversary signals. You have a good idea of what’s taking place.”
The Future of Cybersecurity
It’s likely that cybersecurity will remain challenging into the future, Reid said. “I think that as long as we have adversaries and the adversaries want to harm us, we’re never going to get to that perfect point.”
However, “I think we can make it a lot harder for our adversaries by doing some fundamental things, right? Patch, separation of duty, credential management, all the fundamental things we’ve talked about, encryption at rest, encryption in motion, things like that.
“But also, get yourself the visibility you need to see those threats coming. Use things like adversary signal analysis to understand what your adversaries are doing. It’s still important to have your threat intelligence. You absolutely need that, but you also need to know exactly what’s happening to you. The more visibility you provide yourself, the better chance you have of being protected.”