BRIAN FAWCETT (BF): Ransomware attacks hit record numbers this year, and there are no signs of it slowing down. I'm your host Brian Fawcett and this is IT Availability Now, the show that tells stories of business resilience from the people who keep the digital world available.
According to recent research, there were nearly 305 million attempted ransomware attacks in the first half of 2021, which has already exceeded 2020’s full year total. In the US alone, ransomware attacks are up 185% year over year. While businesses have likely taken some measures to protect themselves, most are much more vulnerable than they realise.
On this episode of IT Availability Now, we have Shawn Burke, Chief Security Officer at Sungard Availability Services and Shannon Davis, Global Partner Security Expert at Alert Logic. They're here to discuss the most critical technology components that every company should have in their security programme, as well as a new development from Sungard AS and Alert Logic that will allow businesses to take a more proactive approach to cybersecurity. Shannon and Shawn thanks for joining us today.
SHANNON DAVIS (SD): Thanks so much for having me.
SHAWN BURKE (SB): Yeah, it's great to be here today, Brian.
(BF): So let's jump right in. We all know ransomware attacks are running rampant and organisations must proactively take preventative steps or risk being the next victim. My first question is what technology should all businesses implement to stay on top of these potential threats? And Shawn, maybe let’s start with you.
(SB): Sure. The defence-in-depth mantra is certainly still relevant. It's always a good starting point. I mean, they should have a layered approach which includes network intrusion detection and those endpoint protection capabilities. Now, this traditional approach is sometimes not enough, with the prevalence and sophistication of today's cyber-attacks. I mean, businesses need to consider changing their IT security tactics to have that 360-degree view of their security landscape, from network, all the way down to those endpoints. And this is where managed detection response (MDR) comes into the picture. MDR provides organisations with those tools to effectively identify, analyse and respond to cyber threats before they disrupt the business. In addition, organisations can quickly stand up an MDR solution which remotely accesses the network to provide 24 by seven coverage and access to expertise that would be extremely difficult to find.
(SD): You know, Shawn, I agree 100%. An effective MDR solution really has to address the drift and the dwell, the visibility and the detection, the left of boom, the right of boom. Really that pre-breach mindset, and then also what you do post-breach because breaches can and will happen.
(BF): And that makes a lot of sense. Shannon, what other key components do companies need?
(SD): Well, let's start with MDR. So, the defining characteristic of MDR is really, it's focused on delivering a meaningful security outcome. And what I mean by that is an outcome that's designed to ease that pre-breach or left of boom and post-breach or right of boom concern. It has to be a holistic view. So companies need to start with maximum visibility into their environments, and the ability to detect and respond to threats, coupling that with the capability to minimise the impact of vulnerabilities, configuration issues or misconfigurations and cyber-attacks.
You have to remember that prevention is never 100% effective because you always have the human element or you know, sometimes IT folks joke, the layer eight vulnerability. And that's because people are going to click on an email or respond to something they shouldn't, download something they shouldn't. That's why it's so important to have detection and intelligence because those are required to stop those attacks before they reach the end of that cyber kill chain.
(BF): It sounds like managed detection and response enables you to respond quickly and more accurately to cyber threats, giving you more control and ability to protect your IT systems and data, as well as your brand. Shawn, what else can you share here on this topic right now?
(SB): Yes, the one other thing I'd add is, it's really critical that organisations have a strong incident response plan that details the actions for every step of an attack, as well as a comprehensive data recovery plan. Both of those should be well tested. I mean, should you be hit with an attack, this will help minimise the impact. It's not necessarily technology but it plays a huge part in an organization’s cybersecurity programme.
(BF): And it actually speaks to one point that Asher de Metz, one of our other cyber security experts here at Sungard AS, always makes, which is that companies should invest the money and resources upfront, to implement the right technologies to prevent attacks from happening in the first place and then a strong incident response plan to minimise disruptions if they do. And this will ultimately save you money and a big headache in the end.
(SB): Yeah, definitely I mean from a reputational standpoint, businesses are judged on how they prevent and respond to those inevitable security events.
(SD): Yeah, and Brian I'll add that first of all, I couldn't agree more with what you're saying. And I think that when you look at the current cyber threat landscape, many, many, many companies should be asking themselves if they can afford not to invest in security through the lens of, “Will we even be here if we don't?”
Here in the United States, 60% of SMBs go out of business within six months of a successful cyber-attack and on top of that, only 5% estimate that they can survive an attack without suffering some sort of damage to their business.
(BF): So, a lot of organisations are looking for better ways to stay on top of the potential cyber-attacks and be more proactive in defending themselves. I know Sungard AS and Alert Logic have been working together on new ways to solve that problem. Most recently, Sungard AS added Alert Logic’s managed detection and response services to its security portfolio. Shannon, can you give us a brief overview of what Alert Logic’s services enable organisations to do?
(SD): Absolutely Brian.
Alert Logic MDR, or managed detection and response, really provides full hybrid coverage. So to simplify that, we can monitor systems wherever they reside, provide a common view, and an approach that really allows you to compare and understand your security posture and your threats across all of your systems and all of your environments, whether you're on-prem, colocation, private cloud, public cloud, hyperscale public cloud, you name it, and to see it all on a single pane of glass.
While we're monitoring your systems for you, like we talked about earlier, we're trying to reduce dwell time, but also those response times. We want to be able to detect threats and risks before they can cause you any harm. And we do that, not only with the tools like a network-based intrusion detection system or collecting logs or looking at endpoint protection or file integrity monitoring or so many other components, but we also have security experts that are working 24/7 in a globally distributed network of SOCs, or security operation centres, and they're the ones that are detecting, disrupting and eliminating attacks with some sort of actionable plans.
In addition to protecting your infrastructure, your networks and your endpoints, we also collect and store your logs. We parse them, we tag them, we make them searchable. We extract security value from them. We have them available for forensics purposes, but we also have them available for any sort of compliance or auditing purposes that you need so MDR provides audit ready reporting. We've got awesome dashboards with view-at-a-glance insights for so many different elements of security, and we have several third-party integrations as well so all the major firewalls, antivirus, even if you're worried about connecting to Amazon S3. We can integrate with all of it.
(BF): It's fantastic and Shawn, what does this mean for Sungard AS customers? How will this help them improve their security posture?
(SB): Yes, over my two decades of experience with managed service providers and being in the security area, I think cybersecurity has really become top of mind for our customers and businesses have become more cognisant of these threats and evolving security demands. I mean, the threats are only escalating and they're becoming more and more serious. On top of that, many of the organisations were challenged with overcoming, you know, those security specific skill shortages, and how to ensure they're investing in that right security solution.
This partnership with Alert Logic really allows us to offer our customers protections for before and after an attack. And as you heard from Shannon earlier, I mean, they get a single pane of glass to be able to see their entire threat landscape, the health of their environment and the right technology and support tools to identify those threats in advance and respond accordingly. As Shannon pointed out, it's all about the outcome. So customers will also have safeguards tailored to each asset ensuring the right coverage and desired security outcome. Basically, a complete security route, regardless of their platform journey.
(BF): And what made Alert Logic the ideal partner for this?
(SB): Alert Logic, you know, they're a recognised leader in providing security and client services, with well over 18 years of experience. We've already had a long-standing partnership and great partnership with Alert Logic for over 10 years as well. They know Sungard AS’ environment offerings very well and really understand what our customers want and need.
(SD): Shawn, I just want to piggyback on that and say that, you know, at Alert Logic we really believe that security is a partnership, both the partnership with that end customer that we're protecting and a partnership with Sungard AS and we are pleased to partner with Sungard AS to enable your customers to quickly implement best-in-class security across all of their environments. And keep in mind, they're not only receiving a robust set of security tools, but they're also receiving 24/7 security operations and expertise. That human element is a true differentiator and an extension of their team.
(BF): That’s great. As ransomware attacks continue to soar, businesses must take more proactive measures to ensure their safety, starting with MDR, proactive vulnerability scanning and a strong well-tested incident response plan. Sungard AS’ new advanced security solutions, powered by Alert Logic, offer you the ability to identify behaviours and actions taking place in your environment, in real time. The quicker you can move to identify a threat, the better chance you have to reduce the damage the threat may present. Shannon and Shawn, thanks for joining us today.
(SB): It was great to speak with you.
(SD): Yeah, thank you both for having me. I really enjoyed it.
(BF): Shawn Burke is Chief Security Officer at Sungard Availability Services, and Shannon Davis is Global Partner Security Expert at Alert Logic.
You can find the show notes for this episode at SungardAS.com/ITAvailabilityNow.
Please subscribe to the show on your podcast platform of choice to get new episodes as soon as they’re available.
IT Availability Now is a production of Sungard Availability Services.
I’m your host, Brian Fawcett, and until next time, stay available.