“The Biggest Value of IT Ops to Cybersecurity Is in Their Ability to Resolve Incidents Effectively as Well as Providing Awareness of the Full Attack Surface With Understanding of Business Impact.”
Hi Chris. Please tell us about your role as CISO and the team / technology you handle at Netenrich. How did you arrive here?
My role is to ensure Netenrich is not the supply chain compromise that disrupts our customers' digital operations, and that the Netenrich operations platform and services our customers trust us to provide are resilient to adversity that would disrupt and damage their business.
As a highly mature IT Operations company, I was impressed with Netenrich’s ability to scale, automate, and measure efficient operations and incident resolution process. All that at a cost/performance ratio which amassed thousands of customers and incredibly high retention rates. These are qualities of digital operations most SecOps teams are still trying to figure out. Netenrich naturally pivoted into SecOps to ensure the protection and availability of those thousands of customers' business-dependent digital operations.
I was offered a unique opportunity to assist in guiding that SecOps journey, while improving my own understanding of what an efficient and effective operation is from the years of experience present within the people who built Netenrich.
How has the role of the CISO evolved during the pandemic? How did your previous experiences with technology management help you scale your efforts and meet unprecedented challenges?
Best practice for security strategy today is based on a fundamental assumption an attack can be prevented with enough control of the attack surface. Yet the attack surface across every industry has been expanding dramatically for quite some time due to cloud, mobility, IoT and remote access services. Controlling its entirety was already a losing proposition. The pandemic just made that obvious. Prevention as a strategy is futile.
Companies that have purposefully developed capabilities to tackle ambiguity and unpredictability – in a word, resilience – are the ones that not only survived but thrived during the pandemic. Aligning security strategy with business resilience is the pivot every CISO now needs to make as uncertainty will continue to be the reality of the organization's operating environment. For cyber resilience, that means to accept and assume adversity will occur and to consider the impact and implications of providing continuity of services during that adversity. Instead of preventing breach, the strategy is reducing the impact.
Can you tell me a little more about Netenrich? What exactly is Resolution Intelligence and how does it fit into the current security universe?
Netenrich is a managed security & infrastructure provider with 13+ years’ experience helping 6000+ businesses establish and operate world-class and cybersecurity operations. Our deep operational expertise, 24/7 coverage, and unified threat and infrastructure intelligence empower leaders to focus on the most important security priorities and incidents.
Security operations needs context awareness to ensure the success of business initiatives in a world of advanced, targeted attacks. Netenrich empowers security, IT and cloud operations to thrive during adversity with adaptive incident resolution using real-time, data-driven risk and trust-based decision making. The Netenrich Resolution Intelligence platform streamlines the process of managing, analyzing, and fixing the root cause of incidents to prevent future disruption.
As the CISO of a Cloud-native IT ops service provider, how do you keep your own company protected from security risks?
I think about not just the almost 1000 employees of Netenrich, but also the security of the thousands of organizations we serve. Netenrich is either part of or managing some aspect of digital operations, from Network, IT and Security operations, for thousands of customers. Our biggest risk is being the supply chain compromise or disruption to those organizations' business operations. This is the primary problem I think about and how the two roles of internal security and security operations strategy are connected.
What are the major security challenges for IT-driven companies that have erupted in recent times? How can IT Ops automation models transform the business outcomes?
Scale of the attack surface and the need for continuity. Security strategies were not built to scale for supply chains, distributed workforce and to endure unknown adversaries already inside the organization. The biggest value of IT Ops to cybersecurity is in their ability to resolve incidents efficiently and effectively as well as providing awareness of the full attack surface with understanding of business impact. Business context is missing from many SecOps and MDR programs and is key to differentiating between a threat and a risk. Not all threats are critical, and it is the critical threats that hurt the most.
What kinds of IT frameworks are most susceptible to cyber-attacks? How does Netenrich ensure protection to digital assets?
Frameworks are guidelines and recommendations. There is no guarantee of effectiveness for following directions. It is like cooking from a recipe card. Two people will produce different outcomes. It is the comprehension of the tasks and the contextual awareness of the environment of the chef that influences the quality.
What kind of tech capabilities should we be talking about while evaluating the role of AI in security?
I hope a lot of the hype of AI settles down as people start to get a better understanding of the value of machine intelligence and how to apply it correctly as a form of augmentation to human intelligence. Many vendors embellish their claims based on the use of a few models applied to some specific use. Inversely, it could be the overfitting of a model to solve a broader set of problems than intended.
There are tasks well suited to machines – those that are big data problems requiring long-term memory of systems and behaviors. There are also tasks well suited to humans – those that require critical or creative thinking for problem resolution. Machines reduce the workload of the tedious work so that humans can focus on artisan work. This is useful in Security Operations to enrich data for context and to provide a consistency for incident response processes between analysts of differing abilities. The machine is able to perform as the human analyst's long-term data retention across a much larger dataset to extract meaningful context to evaluate intent and best course of action.
Technology leveraging machine learning should be specific and predictive in a way that human intuition on its own cannot be. I am suspect of a system with a lack of numeric results that explain how it derived an outcome.
What is your prediction for the future of AI in Information Security? Can you provide your take on IoT, 5G and RPA technologies that could complement AI in the future?
I think less about how new technology like IoT and 5G help security and more about what impact they will have on security's ability to manage risk. Digital transformation is driving an expansion of the attack surface due to the adoption of all these technologies. The role of security is to enable the business to adopt new technology.
The expanding attack surface is a big data problem well suited to machine learning techniques for data reduction and probability scoring for threat modeling, detection and incident resolution capabilities. We will continue to see the application and growth in how machine learning is applied to normalize the time and talent issues present in cybersecurity to allow a higher level of capability per analyst.
Tag a person from the industry whose answers you would like to see here:
Daniel Basile, CISO Texas A&M University System and Executive Director for Texas Statewide Cybersecurity Services
Thank you, Chris! That was fun and we hope to see you back on itechnologyseries.com soon.
As Chief Information Security Officer at Netenrich, Morales oversees the strategic development, implementation, and market execution of the company’s security solutions and processes. Morales brings to Netenrich over two decades of information security experience, most recently leading advisory services and security analytics for Vectra AI. Throughout his career, he has advised and designed incident response and threat management programs for some of the world’s largest enterprises. Morales has held roles in cybersecurity engineering, consulting, sales and research. Prior to his role at Vectra, Morales held roles at HyTrust, NSS Labs, 451 Research, Accuvant, McAfee and IBM. He is also currently a council member with CompTIA Cybersecurity and advisory board member for Saporo.
Netenrich delivers complete Resolution Intelligence to transform digital operations into smarter business outcomes. With fifteen years’ innovation across NetOps, SecOps, CloudOps, and AIOps, Netenrich applies a dynamic mix of machine and expert intelligence across a wide range of SaaS-based offerings. The solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. The company is privately owned and based in San Jose, California.