Webinar Archives | CyberMaxx
https://www.cybermaxx.com/resources/category/webinar/

On Demand Webinar – Tales from the SOC: When Action Speaks Louder Than Alerts
https://www.cybermaxx.com/resources/on-demand-webinar-tales-from-the-soc-when-action-speaks-louder-than-alerts/
Fri, 10 Oct 2025 10:00:05 +0000

Watch the Tales from the SOC webinar, a live storytelling that pulls back the curtain on the real-time decisions, actions over alerting, and more harrowing tales from our Security Operations Center team. This live 30-minute webinar will dive into stories our team has experienced that highlight the power of proactive, real-time response.

Transcript Here

What You’ll Learn

  • What really happens before, during, and after a cyberattack
  • Why alerts alone aren’t enough—and what action truly looks like
  • How our “Big R” response approach drives results
  • The critical role of human insight in an AI-driven world
  • What it takes to stay ahead of evolving threats

Featuring

Erica Smith, Director of Security Operations (Moderator) | Stephanie Camacho, SOC Shift Lead | Ryan Bratton, SOC Auditor

On Demand Webinar: Avoiding Your Worst Day – What Every Business Leader Needs to Know About Cybersecurity
https://www.cybermaxx.com/resources/on-demand-webinar-avoiding-your-worst-day-what-every-business-leader-needs-to-know-about-cybersecurity/
Tue, 07 Oct 2025 20:46:03 +0000

Overview

In this exclusive webinar, CyberMaxx CISO Thomas Pioreck will walk you through a real-world breach scenario—highlighting the critical decisions that can either prevent or escalate a cyber crisis.

Key takeaways:

  • The full impact of cyber-attacks—beyond financial loss
  • How integrated cybersecurity tools can stop threats in their tracks
  • Lessons from organizations that successfully defended against attacks

This session is essential for business leaders, IT professionals, and anyone responsible for safeguarding operations.

Featuring:
Lisa Burke, Chief Customer Officer at CyberMaxx | Thomas Pioreck, CISO at CyberMaxx | Lee Crockett, Director of Sales at Advanced Logic

 

Modern MDR: Focused on Response with SentinelOne
https://www.cybermaxx.com/resources/modern-mdr-focused-on-response-with-sentinelone/
Thu, 28 Aug 2025 19:16:06 +0000

Overview

Join our webinar focused on how CyberMaxx leverages SentinelOne to prioritize rapid response and get you out of your worst day.

Join experts from CyberMaxx and SentinelOne as they discuss the real-world impact of “Big R Response” – a proactive approach that goes beyond alerting to drive true cybersecurity outcomes. It’s key to provide your security team with more than just tools, but real-time support that prioritizes rapid response and gets them out of their worst day quickly.

In this session, Zack Hoffman (CyberMaxx) and Jay Ryerse (SentinelOne) dive into how CyberMaxx utilizes SentinelOne’s best-in-class EDR platform as a cornerstone of its Managed Detection & Response (MDR) strategy. The conversation will share practical use cases that demonstrate how advanced response capabilities are being used to reduce dwell time, contain threats, and protect organizations in real time. Questions are more than welcome.

Key Takeaways

  • What “Big R” means in the context of modern MDR
  • How CyberMaxx integrates SentinelOne EDR into its threat response workflows
  • Real-life customer scenarios showcasing effective threat mitigation
  • Proactive, response-centric MDR strategies

Who Should Attend

Security leaders, SOC managers, CISOs, IT professionals, and anyone interested in advanced threat detection and response strategies.

Details

Event Location: Virtual Webinar Link
Date: Wednesday, September 10, 2025
Time: 1:00 p.m. EDT

Spots are limited, so RSVP today! More details will be shared upon RSVP confirmation.

Multifactor Authentication (MFA)
https://www.cybermaxx.com/resources/demystifying-cyber-mfa/
Wed, 02 Apr 2025 10:09:31 +0000

Demystifying Cyber: MFA
In this video series, we’re here to peel back the curtain and show how the “tricks” in cyber are done so we can all have a better understanding.

MFA is the abbreviation for multi-factor authentication. You may also have heard of its close cousin, 2FA. That would be two-factor authentication.

Tom Pioreck, CyberMaxx’s CISO, will be diving into MFAs. While MFAs can be annoying, they are also critical at reducing your risk of being victimized through one of your accounts. It’s why we feel that this was an important first episode for our Demystifying Cyber series.

For your convenience, we’ve included a transcript of the 25-minute episode below. Feel free to watch the video on YouTube.

Transcript

The famed author, Arthur C. Clarke, had three laws when it came to science fiction; the third law is, any sufficiently advanced technology is indistinguishable from magic. We’re here to peel back the curtain and show how the “tricks” in cyber are done so we can all have a better understanding. This is “Demystifying Cyber.”

Hello, I’m Thomas Pioreck, cybersecurity professional with close to 20 years in the industry and self-professed most paranoid person in the room. On this episode of “Demystifying Cyber,” let’s lift the veil on MFA, multifactor authentication.

What would happen to you if someone was able to access your bank account and transfer all of your money out? How would you feel if your friends and family were scammed out of significant money because of an email “you” sent them? Would you feel violated if someone used your email address, after they took control of it, to conduct widespread fraud and scam dozens of strangers, if not more, out of their life savings? What if all of your family and friends became targets just because you had them in your address book? Do you want strangers accessing and manipulating your emails, savings account, retirement accounts, financial investments, medical records, utility bills and accounts, or your social media? Of course you don’t.

But all of those are possible scenarios that we decrease the chances of happening significantly when we implement MFA, multifactor authentication, on our accounts. Sure, MFA can be annoying, it can feel like it’s interrupting your flow, but those are the benefits it provides you. It greatly reduces the likelihood that any of those horrible situations could happen to you. And really, it’s a grand singular benefit. It helps you keep all of those accounts, with all of that personal information, within your control only. It greatly reduces the odds of you and your loved ones from being victimized through one of your accounts or “in your name.” Do you want it to be your account that leads to a massive security incident at your job that could potentially lead to the company having to close? Or lay off a lot of your friends and coworkers? Not because it’s your fault. Just because MFA wasn’t enforced for the account.​

Let’s acknowledge the ugly truth about people and MFA. We don’t like it. We find it annoying, a tedious extra task that just prolongs this simple thing I’m trying to get done so I can move on to the next thing. All I want to do is check my email so I can see when the fantasy football draft is, what’s the big deal? It’s just a quick login to my bank to confirm I have the funds for that new LEGO set that was finally released. All I want to do is log in to social media so I can take a picture of this sandwich, say it’s basic, give it zero stars, and throw on a bunch of trending hashtags because I’m an influencer in training. What’s so critical about any of that? Fair enough. But if you’re looking to be an influencer, if your social media accounts have your personal thoughts and reputation, are you willing to lose control and access to them? ​

Then there’s the actual logistics of using MFA. Sat down at my computer but I left my phone charging in the other room. Now I have to get up and go get the phone, just to confirm I’m me by clicking an app or entering some dopey code? I’d love to login right now but I was in a rush getting everyone out the door this morning before I came to the bank to process this loan application and forgot my phone. Or you misplaced the security token you use for MFA. Or you took that tray of muffins out of the oven when you were distracted and burned your fingertips so badly, now your fingerprint is no longer valid. Okay, that may be a bit of an extreme example. Moral of the story is always use oven mitts. ​

I get it, I do. Sometimes I have those same thoughts and feelings. I just need to do this quick little thing and this extra MFA step is going to take almost as long as the thing I’m logging in to do. So I have that feeling. But I know. I know why it’s important.​

It’s not necessarily there to only prevent a malicious intent. It’s there to help guard against a negative outcome. So I appreciate that little bit of delay.​

All right, so all that being said, what exactly is MFA? MFA is the abbreviation for multifactor authentication. You may also have heard of its close cousin, 2FA. That would be two-factor authentication. What’s the difference? Not much really. 2FA is just setting the number of factors, two. That’s it. Multifactor means it’s at least two, could be more, depending on the system. Top-secret defense systems may have more than two.  You need to swipe your badge, enter a PIN, and then submit to a palm or retina scan. I’m not advocating that we do that for all our accounts, just illustrating that it is possible to have more than two. ​

In security, we classify potential authentication factors into three basic categories. Something you know. Something you have. And something you are.

Multifactor means that you are providing authentication of your identity using at least two of those categories. You don’t want to double up on just one of them, you need to include at least two of the categories. Okay, that’s great, but what do they mean? Glad you asked.​

Something you know is a PIN or password. It’s in your head, something you know. Now some of you may be using password managers or vaults, and that’s great, but those passwords still count as something you “know.” Does that make the most sense? Maybe not, but them’s the rules. Another authentication method we’re all familiar with are the security questions. Some platforms don’t provide for the something you have or something you are categories, they just pile on the something you know. Account recovery questions tend to fall into this category. You know the ones, when you’re signing up and creating that account, you’re asked to select your recovery questions. We’re all familiar with them. What’s the name of the street you grew up on? What’s your mother’s maiden name? What was the first car you owned? What is the airspeed velocity of an unladen swallow? You know, generic questions that only you should theoretically know the answer to.

Well, here’s one of the problems with those questions. It doesn’t take someone long to figure them out. Especially malicious actors. There’s a whole field called open-source intelligence, OSINT for short (what’s with security people and the abbreviations?) It can be a whole episode on its own, but basically it’s learning facts and information about people from publicly available sources. Say, like, your social media account, which you didn’t set to private. So when you talk about growing up on Elm Street and remember Freddy, the nice old man who lived up the block. When your mom wishes you a happy birthday and her account clearly denotes her maiden name. Or that remembrance post about Santa’s Little Helper, that first great dog you had. It takes a skilled OSINT practitioner less than a day to gather up all of the information that we’re usually asked to provide as additional “security” questions.

Now here’s the fun part. You know those questions those accounts ask you, the ones we’re talking about that ask you to provide answers to personal questions so that you can prove you’re you? Lie. Make up your answers. Remember, these systems don’t know what the right answer is, they think they’re doing you a favor by providing simple to remember security questions. Just make stuff up. ​

A password manager is great for this because it will randomly generate passphrases or passwords. It’ll even allow you to save the questions and generated responses. Yes, there’s an argument that you’re putting all of your eggs in one basket, but we’re balancing security with usability. Then you just keep a list for each account for the question and answers. If you were to go by security questions across my online accounts, you would discover that my mother has had close to 20 different maiden names and the majority of those aren’t even words. Which makes it a bit more entertaining when the customer service rep asks you to confirm your mother’s maiden name and you say, sure, it’s “E@3rtwX*9$kKt.” You could also just use random words you’ve come across for the answers too. So when they ask for your mother’s maiden name, you get to respond, “puppy monkey baby.”

Where was I? Right, something you know. So that covers PINs and passwords. Not really enough on their own. Especially passwords because of how many breaches have occurred over the years. You basically have to accept that most of your passwords have already been compromised and it’s just a matter of time before some threat actor comes along and tries them against every kind of web account there is. They could try to run what we call a spray-and-pray attack. Basically, they just throw every username and password combination they have at a system and see which ones the system accepts. Now, if you have MFA, that spray-and-pray attack alone won’t get them that access. They now need to go after your MFA. So we’ve made it a little more annoying to them.

Next up, something you have. We’re not talking about a sunny disposition, a knack for Sudoku or brown hair or freckles. No, we’re talking about something physical, something you can hold in your hand. Your phone fills in a lot here. You could have a security token, like this. This is a Yubikey. It plugs into the USB port on your device and when it’s set to be your MFA device, when you get prompted, you just touch this gold circle here. Some, like this one, also have NFC tech, that’s near-field communication. It’s the technology that allows you to tap your phone or credit card to initiate a payment. You can use the NFC tokens on a modern iPhone and many Android phones because it’s the same tech that lets you use Apple, Google, Samsung, whatever Pay. It could be a card. Some orgs will have their identity badges double as security cards. You swipe or tap your card for entry. For some locations, you have to swipe/tap your card and then enter a PIN.

That’s multifactor in action. Smart for an office processing confidential information, not so great when it’s on the bathroom door.

But the biggest player in the something you have space, and we already talked about it briefly, your phone. Nowadays, we always have our phones on us. Authenticator apps are apps that you install on your phone, Google, Microsoft, and Duo are the big players here, and access there for a verification code. Some allow you to opt for a simple push notification, where all you do is click the button when prompted after entering your username and password. ​

And while that push notification is convenient, security folks have started to move away from it. See, once we come up with an additional way of protecting information, threat actors set about finding a way to get around that protection. ​

And they figured one out for those push notifications, it’s called MFA Fatigue, also known as MFA Bombing or MFA Spamming (again, if it’s not the plethora of abbreviations, us security folks can’t help ourselves when it comes to giving the same thing multiple names.) Let’s remember that MFA is helping protect our accounts by adding a layer of protection, protection for when our username and password is compromised. ​

Once an attacker has the username and password, they just bombard the system with login attempts that generate the push notification to your device. So an unexpected push notification could be a good indicator that your credentials for that account are compromised and you should login and change them for that account, plus any other account where you’re using the same password, which we all know you aren’t because you shouldn’t be, but just in case. What they do is just bombard with prompts, over and over again, until they wear you down and you finally click Accept just to make the notifications stop. So security people prefer the code. ​

You’re probably familiar with entering a code from an app, a lot of the companies we work for have already implemented it. You set up the account in your authenticator app, you login and are prompted to enter your six-digit code. You open the app, find the account and just enter the six-digit code that’s in the app into the prompt and you’re in. Did you ever notice that app has a countdown? Those codes aren’t static, if you haven’t noticed. See, when you first set it up, there’s a whole bunch of math that gets set up and triggered to generate a seemingly random code on your phone but the same math is set up for your account on the system, so the same algorithm runs every 30-60 seconds so that your phone and the account generate the same secret code. That’s how it knows they match. Kind of like those annoying couples that always finish each other’s sentences in unison.

Then there’s SMS, which is the technical name for text messaging. You provide the system with your cell number when you’re setting up the account. Then, when you login and enter your username and password, the system says they’ve sent you a message with your code and provide the field to enter the code they sent. Within a minute, your phone notifies you that you have received a text, and that text tells you that here is your code. You type in the code, usually six numbers, sometimes more, rarely less, hit Submit or Enter, and the login completes. The close cousin is the email notification. When you set up the account, you’re asked if you want to use text or email or either. Then at login, it asks you how you want to have your code sent, text or email. Selecting email works pretty much the same way the text, sorry, SMS, method does, except you get an email with the code, instead of the text.

Now here’s where we get into an issue with text and email. First, email. The presumption that the system here is making is that you still control the email account being used. But what if you’ve lost that access? Let’s say your email account is already compromised and under control of a threat actor. Well, they’re in charge of the verification system you’re sending the code to. So the benefits of having MFA set up go right out the window. Oh, sure, we know you have MFA set up on your email accounts, didn’t forget any, and haven’t fallen for an MFA compromise on your email account. And here’s something else, this is supposed to be something you have, as in, it’s in your physical possession. Would you say that your email account is in your physical possession? Yes, granted, you’re getting it on your phone or computer, and that is in your physical possession, but is an email account really in your possession? I say no, it isn’t, so let’s not use it in such a manner intended for possession.

There are a lot of security people out there that pull their hair out when they hear someone’s using SMS as their multifactor. Or if a vendor offers SMS as the only choice when setting up an account. Like, well, why even bother having it in the first place? But we don’t really do a good job of explaining why we feel text is weak, really a notch above email, when it comes to setting up a multifactor option. ​

So here it is. There are a number of ways your cell number, not even just the phone, but your cell number can fall under the control and access of someone else. Let’s start with the simple- you lose your phone or I steal your phone. It takes minimal training to look at the finger smudges on the screen of a phone and trace the Cheetos outline to figure out what your PIN or pattern code is. Oh, you use your face to verify? Sure it’s simple and it sounds very secure but it’s not foolproof and not too hard to crack. In fact, the amount of techniques threat actors have devised to unlock your phone with your face, with your sometimes willing help, could be its own mini-episode. ​

But the big one that security folks always get into is SIM-swapping (hey look, yet another abbreviation). This is accomplished by a threat actor getting a different physical phone with its own SIM card, then calling your wireless provider and convincing the customer rep that the threat actor is you and having your cell number moved from your device to theirs, which means they now have a device that gets all your calls and texts. So the MFA code goes to their device. Now I know a lot of you enjoy your police procedurals and heist movies, and yes, it is possible to clone your phone to achieve the same ends. The endgame is the same, you are no longer in sole possession of devices receiving your calls, texts, and most importantly for our purposes now, verification codes.

Now, I’m a Gen X kid who grew up on punk rock so it’s in my nature to sort of buck the general notions. SIM-swapping is real and it is a threat but it’s also generally only used in highly targeted attacks against an already known high-value target. And while it is important that we are aware of the limitations for SMS as a solution for our MFA and opt to use the better methods when they exist as an option for us, it’s also important that we acknowledge that something is better than nothing. If the only lock you have on the front door of your house is the latch in the door knob itself and I told you that it’s the weakest method, would you decide you were better off to not have any lock at all? Of course you wouldn’t.​

The third category is “something you are.” We’re not talking about being a Yankees fan or a Swiftie here. This something you are must be what’s called, “immutable.” That means it’s something that does not or cannot change over time. This is the category for biometrics; fingerprints, palm scans, retina scans, all of those. The logic is that only you have your fingerprints, retina scan, or other biometric markers. And while true, we must also acknowledge that there have been plenty of instances where someone has figured out how to beat a biometric scanner. Yes, Hollywood has shown us many ways, from the ingenious technical to the somewhat gory physical, but the actual methods are even broader and less messy. Then there’s the notion that these items don’t change. ​

I met someone that worked in security and couldn’t use their fingerprints for biometrics. Well, really, they couldn’t use their fingerprints anymore. They’d had a tragedy at their home where a horrible fire had broken out, and in the course of saving some of their possessions, they had suffered significant burns on their hands and fingers. Burns significant enough that their fingerprints were lost. So not only did that mean they could no longer use their fingerprint to establish an authentication factor, it also meant that any account where their fingerprint had been that factor, they could no longer use it to login. Also, despite what CSI and Dick Wolf’s universe may have led us to believe, our fingerprints aren’t as unique as many of us think. ​

Then you have one of my favorite stories involving a retina scan. A senior military officer was thrilled to learn that they were pregnant but since it was still the earliest stages of the pregnancy and because of their work, they were waiting before they shared that fact with a larger circle that would include friends and colleagues. One day, they arrive at the military installation where they worked, which had heightened security for entrance that included a retinal scan. A scan they had used many times before to gain entry. Steps up, scans their eye, negative. Tries it again. Buzzzzzz. And again, red light, no entry. Annoyed, and somewhat frustrated, they contact the point person for the system to report the issue. The technician responds, checks the system, checks the pattern on file and the pattern in their eye, and makes a simple pronouncement. “Oh, it’s because you’re pregnant. I’ll just make an adjustment for your new pattern.”

See, there are changes that occur to the retinal pattern that are a natural part of pregnancy. It usually reverts to the prior pattern after pregnancy. It’s normal, healthy, and not indicative of any concern. But what it does do, is cause an issue with verifying your identity against the retina pattern on file. So because of one technician’s awareness of retina patterns and what can cause a false negative, this officer’s personal secret was no longer a secret. ​

There’s also the story of a journalist who was able to take a high-resolution photo with their cell phone’s camera of an EU leader during a press conference. The image of the photo was good enough for them to extract a retina pattern. One 3D-printed contact lens later and they were able to beat the retinal scanner. So again, while great and mostly immutable, not perfect.

And that’s important to remember. As secure as any of these methods are, none of them are perfect, nor foolproof. It’s a matter of which one works best for you and fits your security threat model.

In fact, multifactor authentication can be seen in some of our favorite Hollywood films, Crimson Tide, War Games, Hunt for Red October, each address MFA as part of their larger story. Who can forget the tense scene between the late Gene Hackman and Denzel Washington. The soldier at the beginning of War Games that turns his key and then proceeds to yell at the late John Maloney to turn his key, even going so far as to pull his weapon and train it on John Maloney. Or Tim Curry’s reaction in Hunt for Red October, when Sean Connery, the great Russian sub commander with a Scottish accent (huh?), announces for the record that he has taken the deceased political officer’s miss-ile key, and is, “keeping it for myself.” And Curry’s doctor reminds him that the reason for two missile keys is so that no “one man may arm the miss-iles.” It’s all about multifactor authentication. Ensuring that two separate actions are needed for the process to continue. Now, am I saying that logging into my email is as critical as ensuring a proper nuclear launch, no, of course not. But would you watch two hours that hinges on me getting a code on my phone? I doubt it.​

Ok, so now we’re clear on what it is, why it’s important, what constitutes the different factors, and that it’s not about hindering us from making a mistake, though it can be used as a quality check there, but there’s one big question left to answer, How? This is great, guy, but how do I set it up for my email, my financial information, my business and its operations? Good question. Let’s go over some simple ways we can set up MFA.

Setting it up for personal accounts is relatively simple. My recommendation? First pick an authenticator app. Generally, it doesn’t matter which one, they all function in the same manner, and as the user, there’s no cost calculus. The cost to set up and implement an authenticator app falls to the platform provider, the vendor that’s supplying the access to the account you’re using. Dirty little secret? You’re going to wind up with more than one installed on your phone and that’s fine. Yeah, it can get annoying remembering which accounts had to use X, when your default is to use Y, but you’ll be surprised how quickly a lot of that sticks in your brain and becomes second nature. Now I know I said SMS is fine for most people but we want to take that little extra step, especially since it’s pretty simple.

The next time you’re in your email, go to its Settings section. There you’ll see Security as one of the menus and within there is usually where you can opt in to MFA or 2FA. You should see options to “Enable Multifactor Authentication.” Then it’s just a matter of following the wizard they present you with. For an authenticator app, they’ll usually present you with a QR code to scan from within the app. That’ll set the account up in your app and the rolling code will be present. Then you simply enter in the corresponding code to confirm it’s set up and working, and voila, you’ve implemented MFA. ​

What if the only option the account offers you, say your bank, is text or email? Change banks immediately. I’m kidding. Set it up with the SMS option over the email one. And feel free to send them an email asking when they expect to offer OTP (that’s the whole authenticator app thing, look more abbreviations) or security keys or tokens?

If you’re a company and want to implement it for the business, good news, you likely already have a lot of options available to you and they’re likely included in your current SaaS (that’s Software as a Service) and other cloud solutions. It’s simply a matter of working with your vendor to determine how to turn it on and roll it out across your organization. Word of advice, start small and in groups wherever possible. And communicate with your people that you’re planning to roll this out, when to expect it, and which applications will occur when. Then send reminders. Resistance is natural, especially when we feel like friction is being added to our days, so be clear about it. Don’t turn it on across every system all at once. Plan it through with your business leaders, security teams, consultants, and your vendor.

If you’re feeling really ambitious at home or the office, opt to use a security token, the hardware solution. Like this one here. They’re great, simple to use, harder to bypass, but there is a cost consideration since you have to buy them and replace them if lost or stolen. ​

Once you’ve set up your authenticator app, make sure you’re backing it up. It can usually be included as an app that’s being backed up as part of your phone’s operating system standard backups. Last thing you want to do is set this all up, get a new phone, set that up, and then realize all of your verification codes were left behind. And if all of this feels daunting to you personally, start small. What accounts have the most important information to you? Start with those. For most of us that’s email and financial systems. Just have a plan that the next time you log in to an account, you’re going to take the less than five minutes needed to turn on and set up multifactor for that account.

And that’s just about it. We’ve covered what MFA is, acknowledged the pain points that some people perceive about it, how it improves the protection of our accounts, and how to get started. There are plenty more details and intricacies we can get into but this should be a pretty good introductory primer on the basics. Remember, security is about balancing friction. It’s not about making it difficult for ourselves to access what we need when we want, but making it harder for an unauthorized party, a threat actor, a bad guy, to do so. It’d be great to come home and just open the door and walk into the house. But I’m willing to have to wait a little longer to get the key out, unlock the door, and turn off the alarm, even if I neglected to hit the restroom before heading home and I’m in “a bit of a rush at the door” so to speak. Next time you have to enter that code, smile. It’s a reminder that the little extra protections you’ve put in place are working and that your accounts are more secure than they used to be with just a password.

If you have questions that you hope we’ll answer in future episodes, just drop us a line. Arthur C. Clarke said that any sufficiently advanced technology is indistinguishable from magic. Learning how the trick is done doesn’t diminish it but it does let you appreciate it even more. Computers are just processing an almost endless series of 1’s and 0’s. Once you remember that, the cloud tends to disappear.

Until next time.

The post Multifactor Authentication (MFA) appeared first on CyberMaxx.

Webinar: Improving Healthcare Cybersecurity So Patient Data Doesn’t End Up on the Dark Web https://www.cybermaxx.com/resources/webinar-improving-healthcare-cybersecurity-so-patient-data-doesnt-end-up-on-the-dark-web/ Tue, 25 Mar 2025 19:26:59 +0000

Join us May 7th, 2 PM EST for an insightful webinar where we delve into the world of healthcare cybersecurity, including the alarming rise of ransomware attacks in healthcare systems, examples of real-world healthcare data compromise and effective strategies you can put in place to safeguard your data.

Hosted by CyberMaxx and HS-ISAC, this session will provide context and stories from cybersecurity experts and healthcare customers, validating the real-world impact of cyber threats happening daily, targeting medical and dental organizations of all sizes.

Date, Time: May 7th, 2 pm ET.

Attend live, or register for on-demand here.

Top Questions Answered From Our SecureWorld Webinar: Achieving Cybersecurity Balance as a CISO https://www.cybermaxx.com/resources/top-questions-answered-from-our-secureworld-webinar-achieving-cybersecurity-balance-as-a-ciso/ Thu, 14 Nov 2024 16:39:11 +0000

Did you catch our recent webinar with SecureWorld?

CyberMaxx’s Jarod Thompson, Director of Engineering, and Joe Diver, Chief Information Officer for Signature Health, discussed emerging issues in cybersecurity.

Targeted toward Chief Information Security Officers (CISOs), the two addressed how cybersecurity leaders can manage the balancing act of their roles. From offensive vs. defensive tactics to the true cost of cybersecurity to balancing budgets with strategy demands, it’s all covered here.

Taking answers from the Q&As, here are the top insights you can use to improve your cybersecurity program and build cohesion with other C-Suite leaders:

What’s the value benefit of basic cybersecurity? Is it usually cheaper than not implementing the essentials?

CISOs often have to validate a cybersecurity investment. The challenge is showcasing its value to the board to get budgets approved. It’s not as tangible as other outcomes, such as revenue from sales or production from operations.

Yet, implementing basic cybersecurity measures, while seemingly a minor cost, saves more in the long term by reducing the risks of breaches and subsequent operational and reputational damage. As Jarod Thompson explains:

“The investment from a cybersecurity perspective is…placing funds in an area to prevent something, hoping it never comes.”

Joe Diver then stresses the importance of educating the board on the value of implementing the cybersecurity basics. For instance, explaining:

“What impact does it [a cyber incident] mean for customers if we have this risk? And how much do we want to invest in it?”

Joe continues, “The benefits of cybersecurity may not be immediately apparent, yet the protection it offers is crucial.”

What do “offensive” tactics mean from a corporate perspective of cybersecurity?

The webinar description mentions using “offensive” security tactics, such as proactive threat hunting and attack simulations, to uncover vulnerabilities before adversaries do.

Joe Diver, for instance, explains how they use phishing pen-testing to identify areas where they need to invest more resources. The metrics are then presented to the board for funding to patch up vulnerable systems.

“One of the metrics we look at certainly is the results of [pen] testing. Those results go all the way up to the CEO, and we try to structure education around that…What could potentially be seen or used as an attack on our network, and how are we blocking those? How well are we doing testing? How well are we blocking threats and things of that nature?”

How do you benchmark cybersecurity program costs? Should it be a percentage of the overall IT budget, or is there another methodology?

Pinpointing a cybersecurity budget is a growing concern for CISOs. How much do you need to keep your business protected and operational? Is it a percentage of the IT budget? What does it look like based on risk exposure, industry standards, or compliance requirements?

Joe Diver explains organizations must ask, “What is acceptable for the organizational risk management strategy?” to assess what they’re willing to invest. You also must understand that “if you’re not prepared with a disaster recovery plan and redundancy, then you could lose a lot of data…if you lose trust from customers, you’re out of business too at the end of the day.”

Regarding the budget percentage allocated, Joe states that his industry [healthcare] is at “a 2% margin most of the time,” but it ranges industry by industry.

What are your thoughts on DSPM?

Data Security Posture Management (DSPM) is an excellent tool for continuously assessing risk to identify and respond to threats. Jarod Thompson describes his experience with DSPM and the value he sees in it:

“One of the aspects we’re really doubling down on here [with DSPM]… is the identification of it [threats], but then the response to remediation afterward…So, digging deeper and understanding how to isolate the problem has become a focus [of DSPM].”

What key indicators should prompt me to explore new cybersecurity solutions?

Like other business functions, diminishing performance tells you it’s time for a change. As Joe Diver explains:

“We have specific metrics we look at on a quarterly basis. The types of hits we’re getting [from external threats], how much is being blocked [from the network], phishing compliance rates, who are clicking the links, etc. If those success metrics are being met, then we continue. But if they’re not being met based upon the benchmarks we mutually established, then we begin to have those types of conversations.”

He also dives into how a change in an organization or solution usage should be considered.

“At times you may have a [vendor] relationship in which, uh, is mutual understanding… but there could be a change in leadership along the way where the organizations using the tool might be using it in, in a way that is pivoting to, to the left or the right…but if the client is going off course in how they’re using the technology, maybe, maybe it’s not a good partnership.”

He then closes on the value of constant engagement with a cybersecurity solution provider in determining if they’re getting value:

“Too many folks have that conversation on an annual basis… that’s a little bit too late, in my opinion.”

The CISO Role Isn’t Easy, But It’s Vital to Business Success

A balanced, proactive cybersecurity approach is essential for staying ahead of emerging threats. Educate your board on the business ramifications of an incident and invest in the basics to help avoid the cost of a breach in the long run. CISOs should also regularly evaluate KPIs to change their vendor, strategy, and other solutions as needed.

What’s Keeping These CISOs Awake at Night? A Fireside Chat https://www.cybermaxx.com/resources/webinar-whats-keeping-these-cisos-awake-at-night-a-fireside-chat/ Thu, 25 Apr 2024 15:18:39 +0000

In this fireside chat, CyberMaxx CISO Aaron Shaha and Triden Group CISO John Caruthers sit down with CyberMaxx’s Director of Engineering Jarod Thompson to share their thoughts on the evolution of the adversary landscape and how cybersecurity teams need to prepare themselves today. Aaron and John’s roles provide access to over 600 customers collectively, giving them insights across an extremely wide and varied attack surface.

They’ll discuss what they are seeing and what’s keeping them up at night, the current threat landscape, and how things are evolving in 2024 and beyond.

Meet The Speakers

Aaron Shaha, CISO

CyberMaxx

Strategic Information Security Executive and subject matter expert with a record of pioneering cyber security trends by developing novel security tools and techniques that align with corporate objectives. Known for building and leading strong teams that provide technology enabled business solutions for start-ups, industry leaders (Deloitte and its Fortune clients) and government agencies (NSA). Skilled at developing information security strategies and standards, leading threat detection and incident response teams to mitigate risk and communicating effectively across all levels of an organization.

John Caruthers, Exec VP & Chief Information Security Officer

Triden Group

EVP – CISO at Triden Group and the Founder of his own company. John is passionate about helping businesses protect their data, reputation, and customers from cyber threats, and creating innovative solutions that align with their goals and initiatives.

Jarod Thompson, Director of Customer Engineering

CyberMaxx

Experienced Senior Solutions Engineer with a demonstrated history of working in the computer and network security industry.

Decoding AI in Security Operations: Realities, Challenges, and Solutions https://www.cybermaxx.com/resources/decoding-ai-in-security-operations/ Wed, 24 Apr 2024 13:00:35 +0000

From the perspective of security leaders, we will explore the promises AI has made and the reality it has delivered. Through real-world scenarios and practical examples, we’ll examine how security teams are poised to leverage the power of AI across the spectrum of threat detection and incident response.

This 20-minute on-demand webinar is an insightful conversation between two industry experts, Stephen Morrow, Vice President of Solution Engineering at Devo, and Gary Monti, Senior Vice President of Operations Defensive Security at CyberMaxx.

During this 20-minute webinar, you’ll gain insights into:

  • The benefits and limitations of AI in Security Operations
  • A view into the potential of today’s technology to address security challenges
  • Understanding the importance of combining human ingenuity with AI to effectively combat cyber threats

As a teaser, here are a few of the questions Gary and Stephen will be discussing:

  1. What are some examples of how you have used AI in your Security Operations Center?
  2. 96% of security professionals are not fully satisfied with their organization’s use of automation in the SOC. Reasons for this include limited scalability and flexibility of the available solutions, costs of implementation and maintenance, and a lack of expertise and resources to manage the solution. What are some ways that you and your team have tried or are trying to overcome these challenges?
  3. A growing concern in the industry is the usage of unauthorized AI. In a survey conducted by Wakefield Research on behalf of Devo, 96% of IT security professionals admit to someone at their organization using AI tools not provided by their company. How can management help to combat this issue?
  4. How do you balance the use of AI as well as human ingenuity in your operations?

Sorting Out the Crowded Marketplace: Finding an MDR Provider that Meets Your Needs https://www.cybermaxx.com/resources/sorting-out-the-crowded-marketplace-finding-an-mdr-provider-that-meets-your-needs/ Mon, 18 Dec 2023 17:31:19 +0000

Protecting yourself from today’s evolving cyber threats requires careful navigation through the crowded marketplace of MDR providers. Choosing the right MDR provider is crucial for addressing risks specific to your organization.

Understanding the Flexibility and Partnership of an MDR Provider

The working relationship with an MDR provider is just as vital as the monitoring, threat detection, and incident response services. Your MDR vendor should seamlessly fit into your organization and act as an extension of your team. Instead of viewing MDR as a one-sided client-service relationship, consider it a collaborative partnership. In this partnership, both parties prioritize the other’s best interests and maintain open communication to achieve optimal security results.

Solution flexibility is paramount in MDR services. During procurement, look for the red flags. Is the provider too rigid? Will they stay strict with the contract’s deliverables, or can they quickly add ad-hoc services based on your needs? This type of responsiveness is vital to successfully integrating MDR into your business.

Consider the ramifications, say, during an actual cyber attack. Imagine a scenario where your company is amid a critical incident response. If, in such a situation, your MDR provider delays assistance to review service terms, the consequences could be catastrophic. Treat MDR like a staff member. If you get pushback when assigning or needing specific tasks, that’s a red flag.

Check out our panel discussion with Mike Cena and Richard Weiss in the video below on the importance of MDR responsiveness to your needs.

(Watch the full Panel Discussion Series on our YouTube)

Managing and Utilizing Logs in MDR Services

Security logs play a crucial role in MDR services for network visibility. These logs enable providers to investigate abnormal activity and identify threats. They also help providers ensure their controls work as intended and spot areas on the network that need security improvements. Without access to this data, there’s no way an MDR provider can effectively deliver its services.

Though necessary, these logs come with their fair share of challenges. Companies are constantly undergoing digital transformations. These changes can involve investments in new software like SaaS products or major shifts in their IT infrastructure, such as switching cloud providers. If you don’t inform your MDR provider about infrastructure changes, they will lose access to new log data. This lack of information will leave them blind to potential security threats on your network.

As mentioned, the working relationship and MDR partnership contribute to optimizing your logs. Keep in touch with your MDR provider through routine meetings to get clear guidance on managing logs and maintaining visibility. They can even make recommendations that expand your security capabilities, such as application programming interfaces (APIs) or hooks.

For more detailed insights from our expert panel on MDR log management, check out the video below.

(Watch the full Panel Discussion Series on our YouTube)

The Importance of Industry-Specific Experience in an MDR Provider

Because so much of cybersecurity and compliance management are intertwined, it’s essential to consider industry-specific experience in your MDR selection process. You need an MDR provider who can differentiate themselves by specializing in your industry niche. They must have expertise in meeting unique regulatory requirements, infrastructure needs, and business goals.

Bringing in an MDR vendor to check off a box can be detrimental. That’s especially true in highly regulated industries like financial services or healthcare. Non-compliance or incidents can result in hefty fines and harm your brand’s reputation. Regardless of whether or not there are strict data security regulations in your industry, every company is now a technology business at its core.

For incident response, you need fundamental controls like identity management, firewalls, endpoint security, and operational capabilities like MDR. In addition to the solutions, ensure your MDR provider complements your technology stack. They should have a pricing model that fits your budget. Check if they offer service packages tailored to your needs, like complete or co-managed MDR services.

The video below explains the benefits of finding an MDR partner with industry-specific experience.

(Watch the full Panel Discussion Series on our YouTube)

Enhancing Security Investments Through MDR Platforms

MDR enhances existing security solutions like network firewalls, endpoint security tools, and SIEM systems. This enhancement boosts the overall value of your security investments. In addition to its primary services, MDR offers more. It provides 24×7 monitoring for threat detection and incident response. MDR also allows you to consolidate your data sources. This feature enables centralized reporting on activity, security performance, and potential risks.

These singular reporting systems provide a comprehensive view of your security program. This comprehensive view offers critical insights that enable you to manage controls by:

  • Comparing key performance indicators (KPIs) to your security metric goals
  • Running quarterly reviews to ensure government policies are effective
  • Reviewing threats your security tools spotted (or failed to spot)

Check out the video below for our panel discussion on the value of MDR platforms in your security reporting.

(Watch the full Panel Discussion Series on our YouTube)

Decoding the MDR Provider Selection Process

When evaluating MDR options, find a vendor who can expand past the service provider role and be a true business partner. When evaluating MDR providers, consider several key differentiators. First, assess their ability to rapidly respond to changes in your needs, including ad-hoc services. Second, determine how they can enhance your existing security controls. Lastly, ensure they meet industry-specific requirements. These factors are critical in differentiating providers in the MDR marketplace.

Download our Managed Detection and Response Buyer’s Guide to sort through the noise and get insights on finding an MDR vendor that serves your priorities and regulatory needs while aligning with today’s security analysis best practices.

Balancing People and Technology: The Value of MDR Vendor Partnerships and How to Find the Best Solution for Your Team https://www.cybermaxx.com/resources/balancing-people-and-technology-the-value-of-mdr-vendor-partnerships-and-how-to-find-the-best-solution-for-your-team/ Wed, 13 Dec 2023 14:20:11 +0000

Managed Detection and Response (MDR) is now a must-have for a robust security program to combat today’s sophisticated cyber threats. Partnering with a reliable MDR vendor with expertise and resources is crucial to give you peace of mind.

Understanding the Value of MDR Partnerships

MDR is now a commodity and integral to constructing a modern cybersecurity strategy. With the talent shortage, most organizations have no desire to hire full-time security analysts, especially ones likely to turn over. Many companies lack the budget or expertise to build their own security operations center (SOC). This makes Managed Detection and Response (MDR) services an attractive option for these companies.

Contracting with an MDR vendor is more than just a service agreement with a security provider. This partnership is highly valuable and acts as an extension of your existing team. With it, you can quickly identify and manage cyber risk without significant staffing or IT resource investments.

MDR services take control of your SOC so you can focus your attention on other areas of the business. They take responsibility for deploying and maintaining your endpoint detection and response (EDR) controls.

These controls ensure efficient incident response times, as outlined in the agreed-upon service level agreement (SLA). Furthermore, they provide key metrics that allow you to evaluate security activity and performance within your organization effectively. From minor network anomalies to potential threats, MDR teams also manage security alerts and respond if an attack occurs.

Richard Weiss, CISO at AccentCare, and Mike Cena, Head of Cybersecurity at A+E Networks, do a great job outlining the value of MDR partnerships in the video below:

(Watch the full Panel Discussion Series on our YouTube)

Key Aspects MDR Services Offer to Teams

The core function of an MDR service is network monitoring and overseeing the security analytics systems. It continuously monitors your network for any suspicious activity and keeps an eye on your security analytics systems, such as your SIEM platform. However, MDR services’ specific features and functionalities vary depending on your unique needs and the technology stack you currently use. You can customize the MDR service to fit your specific requirements and integrate it seamlessly with your existing security infrastructure.

Some companies, for instance, already own and deploy their own EDR solution but need an MDR vendor to manage the controls. Alternatively, you may not have any security analysis capabilities. In this case, you would need a partner to implement and maintain a SIEM system from start to finish. There are also specialty use cases for MDR, including when a company needs ad-hoc, one-time forensic analysis after a data breach.

Regardless, service packages are highly customizable for clients to fill their resource gaps. A scarce talent pool of security analysts and tight budgets make assembling an in-house, 24×7 MDR team tricky.

Investing in an outside MDR vendor is far more cost-friendly and gives you a more scalable solution. MDR teams can handle multiple alerts or cyber attacks simultaneously because they’re staffed accordingly with the proper technical resources.

Check out the video below to see different ways you can integrate MDR into your security infrastructure per our panel insights:

(Watch the full Panel Discussion Series on our YouTube)

Evaluating MDR Vendors: Balancing People and Technology

When evaluating security solutions, many often prioritize the service features. MDR is not just a service; it’s a partnership and an extension of your team. Remember, you do business with people, not companies. This combined force of personnel and technical capabilities creates a powerful team to tackle your security needs. The relationship with your provider is just as vital as the cost of the services.

A reliable security team that communicates effectively and delivers fast response times is invaluable in an MDR vendor, both for security and for maximizing customer experience. Differentiate providers by asking the key questions:

  • Do I have the phone numbers of the leaders of my service provider, such as VPs or directors, to contact them should issues arise?
  • Are we having weekly meetings to discuss my MDR, risks, and performance metrics?
  • Am I regularly receiving the security reports I need?
  • Are they taking the time to help us best understand our security gaps and grow our business relationship?

Also, remember that you want to pick the right provider the first time. Continuously onboarding and offboarding with various MDR partners is an expensive and tedious process. In addition to finding the right people, evaluate the contract details to ensure your MDR service is cost-scalable to meet your growing needs.

Licensing models can vary significantly between providers. Some providers charge based on events per second, while others charge based on log sources or the number of endpoints. Not understanding these details upfront can damage your MDR vendor relationship.

Get the full summary in the video below from Richard Weiss for how to best evaluate potential MDR providers:

(Watch the full Panel Discussion Series on our YouTube)

Building the MDR Vendor Partnership

MDR providers should act as an extension of your team to help you best understand and mitigate your cyber risks. Whether you need someone to manage your entire analytics system or come in for a one-time forensic service, you can tailor MDR services to your specific security needs.

While MDR vendors ultimately offer similar technical capabilities, finding a provider who balances those capabilities with strong human interaction throughout the service engagement is a massive differentiator. This human touch sets the truly exceptional MDR vendors apart.

Download our Managed Detection and Response Buyer’s Guide to sort through the noise and get insights on finding an MDR vendor that serves your priorities while aligning with today’s security analysis best practices.
