CryptoniteNXT in the Media

Four Quick Questions with Cybersecurity Expert Ron Gula

We sat down with Ron Gula, the president of Gula Tech Adventures, to ask some pressing questions about cybersecurity. Ron is also the co-founder of Tenable Network Security, a world leader in vulnerability management, and co-founder of Network Security Wizards, which produced the Dragon intrusion detection system. He is knowledgeable in many aspects of cybersecurity, including public policy, intruder techniques, privacy, compliance and security technologies.

What are your concerns regarding the next generation of cyberattacks?

RG: My largest concern is attacks against the cloud. If your cloud sales, support, email or communications system had a breach, we don’t have a set of sensors and incident responders who understand how to detect and mitigate these. They will be silent and we need to trust our cloud vendors to do it for us, which is very uncomfortable.

I’m also concerned that it is so easy to fund a cyber offensive team. We will need to defend against direct attacks, and indirect attacks in the form of fake news. Targeting of key employees with embarrassing rumors, political associations, putting them in situations where they can stick their foot in their mouth is a form of warfare that has been practiced for 1000s of years, and now the Internet and social media make it very easy to target leaders of rival companies.

How can we defend against the various strains of ransomware which have been prevalent over the last 18 months?

RG: Ransomware works at scale because there is a large percentage of companies where it is easy to get the malware to not only deploy, but detonate and encrypt their target hard drives. Organizations that have not invested in basic cyber hygiene (patching, access control, backups, etc.) are sitting ducks. Solutions like CryptoniteNXT are a great way to limit your internal attack surface while not impacting your users’ experiences. The east-west network visibility provided by Cryptonite is also a great way to give your security operations center or managed security provider more visibility into your network to both stop and detect attacks before they are successful.

Organizations are being asked to upgrade their legacy applications to make them resilient to cyberattacks. Is there a more cost-effective solution to protect these systems and their associated networks?

RG: As organizations upgrade, they tend to consolidate multiple older legacy applications into more robust applications hosted in data centers. These are hosted on “flat” networks that let any user connect to any application, often only protected by a password or domain authentication, making them vulnerable to lateral movement. A solution like CryptoniteNXT limits network access to authorized users without having to deploy firewalls, agents or proxies.

This approach also helps limit access to older embedded or IoT devices that are on the network and very hard to patch. CryptoniteNXT can isolate access to these embedded devices to limit traffic to only authorized administrators and protocols.

What should a company or organization do to defend themselves today and in the future?

RG: In order of priority, they should be able to demonstrate compliance with any and all relative compliance requirements. Doing something you are required to do is an easier sell to people outside of cyber than the next levels. Second, they should pick a framework (I like the NIST cyber security framework, but CIS, PCI (yes, I did list PCI) and others are fine) and conduct a gap analysis with their business and executive leaders to understand where they could improve and document what risks the management is willing to accept. Third, once some sort of risk management framework is in place, you should adopt technology and procedure reviews to improve both the efficacy and the efficiency of your operations. World-class cyber organizations are constantly looking for ways to optimize their budget, headcount and technology partners while not losing the ability to detect and contain breaches.
