Insights from Security Mavericks: Interpublic Group, FICO, and Mercury
By Netography Team
With the center of cybersecurity gravity – especially network security – shifting to the cloud, defenders have to adjust their mindsets and legacy approaches to address new challenges. Sometimes it takes a maverick, someone willing to break from the norms and leave their comfort zones, to try new things.
Recently, David Meltzer, Netography’s Chief Product Officer, had the opportunity to sit down with a trio of security mavericks: Troy Wilkinson, CISO, Interpublic Group; Shannon Ryan, Senior Director, Security Core Services & Architecture, FICO; and Branden Wagner, Head of Information Security, Mercury. Each of these security leaders have moved quickly to address the modern threat landscape and navigate the shifts in our industry to uphold their mission to protect their organizations.
In a wide-ranging discussion they shared the impetus for change, the evolution of their security strategies, and the value realized from their tech stack decisions. Here are a few of the highlights. For more details, watch the replay.
The impetus for change
New tech: While AI and tools like ChatGPT are taking the industry in new directions, challenges such as identity protection, privilege escalation, and lateral movement remain the same. The recent attacks against major casino operations are a great example. As defenders, we must continue to focus on the fundamentals – protecting our network and data – while looking at how new tech can empower analysts by doing the mundane for them.
Economy: Current economic conditions are forcing security teams to do more with what they have while also driving the maturing of the security industry. People are learning to ignore buzzword marketing and are starting to realize that simply having a tool isn’t enough. It’s about balancing security and economic considerations, which means understanding your environment better and what you really need to protect your network and your data. Opting for a cloud-native platform approach over best-of-breed, driving deep into that platform with your technology partner, and investing in people and culture to sustain you during an economic downturn is key.
Scale: These security mavericks hail from organizations with operations in 100+ countries to smaller organizations of 5,000 employees. Regardless of size, they are all expected to be able to scale rapidly and need infrastructure and security technology providers that enable that. Whether bringing on a new cloud provider or supporting a location in the crosshairs of geopolitical conflict, being able to expand and turn on network visibility and security capability within an hour is incredibly important. You are weeks away from visibility when you have to ship an appliance, wait for it to clear customs, install it, and then deploy full packet inspection decryption.
The evolution of security strategies
Cloud-native platform: The move from legacy, on-prem technology to a cloud-native platform is much more advantageous. SaaS-based platforms make it possible to deploy network security as fast and as far as you want to scale – on-prem and across multiple clouds. Comprehensive visibility in a single view so you don’t have to switch between multiple consoles, data types, and rules enables you to make better decisions faster.
Metadata: In most cases, doing full packet encryption is not necessary and not something most security organizations are willing to pay for. The use of metadata in the form of flow data provides a great balance between privacy and security. Teams can see what’s happening to tell the story of why two devices are communicating, and if they can’t they are able to fix it. Flow monitoring also works everywhere – in multi-private data center and multi-cloud environments, and across multiple accounts in multiple clouds.
Organizational context: CISOs are under increased pressure to translate technical speak into a lingo that all board members can understand. Enriching metadata with context helps paint a picture that makes sense to the entire board. Instead of talking about IP addresses, talking about a device in the finance department that is connecting with another device in another region when it shouldn’t, tell a story that resonates from a business risk, compliance, or financial perspective.
The value Netography brings
Time to value: With Netography, the ability to scale and onboard fast, instead of the typical multi-step process, means that teams can see more and do more, faster across their hybrid, multi-cloud, and on-prem environment. Using enriched metadata is much more cost-effective than packet capture and decryption. The ability to quickly deploy out-of-the-box detections or write custom detection models is important because threats are shifting and moving quickly. And because it’s a SaaS-based platform, there’s no need to deploy sensors, taps or agents, or maintain infrastructure which also accelerates time to value.
Comprehensive Visibility: Visibility is real-time, and teams get instant interpretations of the data instead of waiting for slow, batch-based processes. Netography also provides North-South and East-West network traffic visibility. The ability to see lateral movement, privilege escalation, and all the other things that happen once a network has been breached is critical. Even in zero-trust environments, those deeper layers of investigation are important because, eventually, someone will get phished or click on something they shouldn’t.
Multiple use cases: Addressing the need to get more value from existing tools, Netography Fusion use cases go well beyond network detection and response (NDR) across the entire network. Cloud teams use the platform for initiatives, including software and data security posture management across multi-cloud environments. Security teams use it to reduce SIEM costs and the flood of raw data to teams by feeding the SIEM context-rich alerts. Network engineers use it as part of their day-to-day duties, for example, managing interoffice bandwidth and routing, resolving performance issues, and detecting misconfigurations. Costing organizations use it to monitor for spikes in costs and drill down into why. Tech migration teams use it to streamline migrations – helping to identify critical connections that need to be maintained.
In an industry that was ripe for disruption, these security mavericks recognized that Netography could help them make the progressive changes they needed to protect their modern enterprise networks today and into the future.
Watch the replay now to learn more.