Podcast Transcription


Dr. Christine Izuakor:
Welcome to the Veriato Insider, a podcast covering some of the latest trends and things to know in cybersecurity. This podcast is sponsored by Veriato, a next generation employee monitoring and insider threat detection software provider. To learn more about how Veriato can help protect your company, check out veriato.com. I'm Dr. Christine Izuakor, your host for today's segment and our topic is about extending security beyond the office perimeter. We all can see that the traditional office has now morphed into this sort of hub and spoke model of increased employees who are working remotely. Of course, the shift to remote work isn't entirely new, right? Between 2005 and 2018, there was a 173% increase in the US remote workforce. And then of course, that trend spiked in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the pandemic spread. And so the idea of security beyond the confines of the office becomes critical.

And so to dig into this topic, we have a special guest with us today. Ryan Tyson is joining us for the conversation. Ryan's an experienced cybersecurity leader with over 20 years of experience in tech. He's contributed to and led a variety of cybersecurity functions at large corporations like Verizon, United Airlines and Home Depot. So broad range of industries. Ryan holds a Master's degree in information security from the University of Houston. Go Cougs. That's actually how we met. We were in the same program. And Ryan is also CCSP certified. So an abundance of expertise here with us today. Welcome Ryan and thanks for joining us.

Ryan Tyson:
Thanks for the wonderful introduction, Christine. I really appreciate it. Yes, go Cougs. We go back, way back in the day. Yes.

Dr. Christine Izuakor:
It's definitely our pleasure to have you here. So to start and jump right in, tell us more about your background and experience, especially around endpoint and perimeter security.

Ryan Tyson:
Okay. So most of my IT experience really just goes back to my Verizon days and I just got a wealth of knowledge being there with a lot of great smart people and learned a lot about network operations and about endpoints there as well. And I guess way back then security was kind of baked into the general IT job, it wasn't as separated out as it is today. So there was the expectation for developers and system admins to secure their systems where they were building them out. After being at United for a while, I grew from roles that dealt with dealing with VPN, mobile device management, PKI, and then I finally landed into key management realm. Led a small team in the realm of engineering for endpoint security and architecture for endpoint security as well. And today at Home Depot, and I lead the EDR team specifically over the AV and anti-malware threat detection and response. We got a great stock over here and they're doing really wonderful things and expanding and maturing their services. And I'm just glad to be a part of it.


Network security is a growing concern


Dr. Christine Izuakor:
A lot of really good experience, both from you and from the people that you've learned from that you can bring to this conversation. So that leads well into our first question here, which is the traditional office perimeter appears to be a thing of the past, right? And network security is a growing concern. And so what's your take on the latest trends and challenges regarding this topic and this era, and what does it mean to you for network security to extend beyond the office?

Ryan Tyson:
So when I get questions like this, I try to really boil it down to things that are simple. When I think about extending the network security perimeter beyond the office, basically that just means to me enabling all of our coworkers that were in the office or our corporate workforce, to be able to do the same things they were able to do in the office, but now from at home. So they need to have all the same access along with all the same protections and controls that they're familiar with and they're used to having. Only for this time we're doing it for instead of a couple hundred or couple thousand people, will probably going to be tens to hundreds of thousands of employees now, and for an extremely long time.

So we're primarily looking at maturing programs around VPN service and acts as the primary tool that employees are using to get to work remotely now. And before I think a lot of companies, they didn't leverage a ton of VPN service. They may have a few VPN concentrators. And like I said, that can only support a couple hundred or a couple thousand users simultaneously logged in remotely. So now thing like COVID happens, everybody goes home, they need more bandwidth, they need more capacity on those systems. That's what we're seeing. That is a big ramp up right now in allowing them to work remotely.

Dr. Christine Izuakor:
To add onto that, with employees working at home and coffee shops and shared workspaces, I was seriously considering a remote year offer in Hawaii I heard about. And so the bottom line is that people are all over the place, right? And so what advice do you have for professionals, whether it's senior executives or the boots on the ground staff, security engineers, all of those folks who are responsible for securing networks beyond the office in today's world?

Ryan Tyson:
Oh, man, it's so much. I have a problem of seeing the forest for the trees and being overwhelmed by it. When you look at all the obstacles that we have to circumvent to really make a successful remote environment and to protect the things that are most valuable to the company. And it's really not a matter of question of technology, because the tools for this type of a behavior, for this type of workforce have always been in place. We've always had things like endpoint management, CASB, cloud-based VPN solutions, even cloud-based EDR and endpoint security solutions. These things have always kind of been around. Not always, but in the last 10 years have become to be really prevalent in the marketplace. But I think businesses and corporations as a whole, haven't taken the time to migrate their services properly, especially the smaller or mid-level companies too.

So now they have to start looking at those types of services that make them nimble, that make them agile. When they need to change something out swiftly, they don't have to necessarily go in and remove physical servers now. They can just add another service through Amazon or Google cloud platform or things like that. So I think some of the biggest challenges they need to start thinking about that it will be key, is making sure that these systems and things and their endpoints are configured properly. And that's based on the needs of the business and the risk exposure of that of device, of that endpoint. You want to revisit things like, what are we doing for device recovery now? What are we doing for onboarding and off-boarding systems? You may be... Like you said, you might take a job in Hawaii.

So how are they going to get you a new laptop now? Are they going to mail it to Hawaii? Who's going to configure it? So they need to start thinking about things like that. You can't go into the office and pick up a laptop anymore, plug it into the network. They need to think more workstations now I think look more like mobile devices. And we have mature mobile device management tools that are available in the marketplace, but maybe we should start applying them to our workspaces, our laptops, our MacBooks and things like that. We might need to start applying concepts of geo-fencing, remote wipe and app containerization, things like that, that we traditionally only did on iPhones and Android devices. We may need to start applying those types of concepts to our workstations as well.

Think about virtualization. Give somebody a workstation, but their main desktop is a virtualized image that's on prem that they have to remote into once they VPN in. Think about things like device control, USB device control. Do we need all these USB ports enabled or do you want a white list of what devices can be plugged in? And then even beyond that we got user behavior, that's a big factor as well that we have to start thinking about. The way that we use our device at home is way different than what we would do with it in the office. You're not sitting next to your peer. You're not sitting next to a colleague or your boss when you're at home. So people tend to be a little bit more lax in their judgment on what they are willing to browse or what they're willing to use their work device for.

And their personal life kind of collide with their business life and they're sitting in the same room on the same device. So we need to be concerned about all of that. Think about how we want to keep this device in the monitoring state, always on VPN. So it's so many things we can discuss. But some of those are kind of the big things I think that come to mind. And sadly, we got to assume that these networks are already infiltrated and we've got to do the best thing we can just to protect the data. Just from what we've seen in the last few weeks with the FireEye and SolarWinds breaches that occurred. We have several, several US government agencies that have recorded breaches now. Their networks have been compromised and they have been for quite some time or at least [inaudible 00:10:12]

And they say, they trace it back to, I believe, it was March now. And that's 18,000 organizations, I believe, that are in the impact zone for what happened with the SolarWinds breach. So we got to assume that these networks are already compromised and we got to protect the data with other layers of protection. We got to use things like backing up the data properly. We got to encrypt this data. We got to make sure that we use network segmentation wherever we can, isolate your networks. We want to really be diligent about layering the security here and protecting the data as best as possible.

Dr. Christine Izuakor:
Absolutely. I think it's clear, right? There's so many different things to pay attention to. There's so many layers, to your point, that needs to be implemented just to lessen the risk because it's inevitable, right? If somebody will infiltrate or has already infiltrated networks at this point. So you touched on the importance also of just user behavior and noticing the difference there. And so for the last question here, that's a good tie into, I know there've been a lot of advancements, right? With user behavior analytics and with artificial intelligence and a couple of other cool things that we're seeing pop up in the security space. And so I'm interested in your take on where you see the future of network security heading in 2021 and beyond.

The future of network security


Ryan Tyson:
I really like this question. I really like the concept of AI and machine learning and what it's doing to enhance the security tools that we have in place already. It's doing really cool things. It's only going to keep broadening. So when we look at the possibilities of networking as a service, SD-WAN, those types of technologies already exist and we already leverage them and they apply things like elasticity, scalability, resource pooling to the concept of networking, to the concept of router firewall and their implementation and management. We already have SD-WAN, that sort of bridges the gap and makes it so that we can universally manage multiple network and devices and their configurations and sync them up. So to add more layers of AI and ML on top of that, we can begin to see things.

And to your point about the behavioral analytics part of it too, we can start to take samples from these networks. Their performance, their activity, that type of behavior and those samples can begin to feed into the machine language and they can become really intelligent networks that find faults on their own, discover attacks on their own and inconsistencies. And then resource bleed where they see where we don't need necessarily this much resource, so we need more CPU over here, we need more bandwidth over here. So these things can be resolved on their own, and that will definitely help networking and the segmentation and security of it become more optimal as they continue to define and configure and fix and optimize themselves. It's kind of scary. It's almost like the Skynet in Terminator. And not to say that it's going to really reduce the human and it will, and it should reduce some of the human effort that's required because along with tons of human effort, you get tons of human error as well.

So the more we remove ourselves from the process, hopefully the cleaner these things will get because managing networks, managing firewall have always been one of the largest issues, especially in big corporations. You start to have thousands and thousands of black lists and block lists and things like that. So AI and ML will make sure that we can control that a lot better and create these cleaner networks. One of the things it also brings to mind, so I kind of follow the concept of chaos engineering. So I think Amazon, a couple of other companies, Netflix uses the Chaos Monkey and it basically goes around and makes little breaks in their network, makes little breaks in their system, causes these baby outages in production, and it helps them to make sure that their fault tolerance is at a very high level.

So they are expecting these things to happen. They look for them, they fix them. It's kind of like a proactive step reinforcing the security and the reliability of your network. So I think we're going to start to see a collision, a lot of these future kind of cool little concepts of AI and monitoring behavior of these networks as if they were an entity in and of themselves.

Dr. Christine Izuakor:
Nice. I love the concept of the... Did you call it chaos engineering?

Ryan Tyson:
Yeah. Yeah.

Dr. Christine Izuakor:
I had never heard of that. That's pretty cool. Well, hey, we have about a minute left. Any final thoughts that you want to add?

Ryan Tyson:
I kind of think weird a little bit sometimes. So it's like throughout this whole pandemic and this all work from home, we've all shifted to being at home and we're focused much more on that security aspect of it and protecting the people at home. And we should. Don't take that for granted, what I'm saying there. But we did leave these big offices behind. Especially for the smaller companies, I think this might be something to consider. You did leave these smaller offices behind empty. So let's take inventory on those offices that are empty now. If somebody happens to get in there, how much damage could it cause if you don't have proper security in place at the office. Did you turn the hotspots off before you left?

Maybe we should rotate those employee passwords who are now on furloughed leave or disable those accounts all together and audit your logs, audit where those point of sale devices that were in the restaurant. Are they locked up or are they still there? Are they on? Especially the smaller companies, I think they have a lot more impact than the larger companies. Larger companies have the resources to handle that kind of stuff but the smaller firms, they have a lot more to consider and I don't want them to lose sight of what they left behind. Make sure those things are locked down and tidied up really nice.

Dr. Christine Izuakor:
Really a good point. Well, hey Ryan, thanks so much for joining us today. That concludes the Veriato Insider podcast. Again, this podcast has been brought to you by Veriato, an award-winning cybersecurity company recognized with the gold award for best insider threat solution of 2020. Their solutions are anchored around four core pillars of cybersecurity protection, including employee monitoring and web filtering, workplace investigations, insider threat detection, and ransomware support. All solutions that companies will need to pay attention to. To learn more about how Veriato can help protect your company, check out veriato.com. Thanks for tuning in and a special thanks to Ryan, again, for joining us today.

Ryan Tyson:
Thanks Christine. Go Cougs.

Dr. Christine Izuakor:
Thanks. I'm Dr. Christine Izuakor, the CEO of Cyber Pop-up, and it has been our pleasure to share these insights with you. So until next time, stay safe and secure Insiders.

