Mandiant highlights the importance of a strategic approach towards cybersecurity at GITEX 2023
Date: 2023-10-19
In conversation with Renze Jongman, threat intelligence advisor (MEA), Mandiant
What are the key innovations or technologies that Mandiant is showcasing at Gitex 2023?
Mandiant is a cybersecurity company specializing in incident response and threat intelligence. At Gitex 2023, we emphasise our commitment to enhancing cybersecurity through innovation and collaboration. With a core focus on incident response, where we conduct thousands of investigations annually, we gain invaluable insights into threat actor tactics and vulnerabilities.
Our mission is to equip organizations with the knowledge and tools they need to prepare for, respond to, and recover from cybersecurity incidents effectively. We bring this wealth of experience and intelligence to our customers, empowering them to bolster their defences and stay ahead of cyber threats.
We're extending our capabilities to Google Cloud. This collaboration ensures secure-by-design cloud platforms by combining Mandiant's security expertise with Google Cloud's technology. It enhances organizations' cloud security and aligns with Google Cloud's substantial investments in the Middle East and Africa region, reinforcing our commitment to the region and building security by design into our products. This strategic alliance underscores Mandiant's dedication to staying at the forefront of cybersecurity, helping organizations navigate the evolving threat landscape.
What are the key threats for organizations or the public sector that you observe in this region? And what strategy can they apply to be secured?
The cybersecurity landscape in the Middle East and Africa region is evolving rapidly, with a concerning trend of increasing zero-day vulnerability exploitation. In 2023 alone, we've seen 62 zero-days, surpassing the 55 in all of 2022. These vulnerabilities are exploited by nation-state actors, cybercriminals, and ransomware groups, targeting governments, technology, and telco sectors.
Cybercriminals, particularly ransomware actors, have not hesitated to use zero days as well. The rapid exploitation of vulnerabilities, such as the "MOVEit" vulnerability by the FIN111 group (AKA the clop ransomware gang), highlights the severity of the threat. These cybercriminals were exploiting the vulnerability so quickly that even the threat actors themselves faced challenges in keeping up with their ransom demands.
To enhance cybersecurity, organizations should adopt a multi-faceted strategy. Firstly, it's crucial to operate under the assumption that a breach will occur, allowing them to be better prepared for potential threats. Additionally, investing in a second layer of defense, focused on detecting, responding to, and containing breaches, is essential in minimizing the impact of security incidents. Continuously validating controls to ensure their effectiveness over time is another critical component of a robust cybersecurity approach. By integrating these strategies, organizations can significantly bolster their cybersecurity posture and readiness.
How does AI, especially GenAI, play a role in improving cybersecurity defence measures? What specific benefits does AI offer for threat detection, response times, and reducing the burden on security specialists?
AI is a force multiplier in the ongoing battle against cyber threats. It augments security teams, accelerates threat detection by identifying anomalies, reduces response times by providing real-time insights, and alleviates the toil on security specialists by automating tasks. AI filters through this noise, flagging only the most relevant and high-risk incidents.
For example, one of our incident responders ran into a complex piece of code written in the PowerShell language that was potentially malicious. By running it through our large-language model, the GenAI quickly identified it as a harmless update script, saving the analyst several hours of deciphering. That's just one example, but something Incident Responders run into all the time. The ability to accelerate response, reduce dwell time and pivot from triage to recovery can significantly reduce the business impact of security breaches.
AI also addresses the talent gap and reduces the workload on security specialists by allowing them to leverage AI tools, enhancing overall efficiency and effectiveness. For example, AI can generate complex detection rules, assist in malware analysis, and streamline code development.
Can you provide more details about how Mandiant plans to leverage GenAI to empower Threat Intelligence Analysts and enhance overall defence capabilities against cyber threats? How does this technology give organisations an advantage in responding to and containing breaches?
Mandiant is fully committed to using GenAI to empower Threat Intelligence Analysts and enhance overall defence against cyber threats. GenAI offers several advantages that provide organisations with an edge in responding to breaches. It enables deeper insights into threat actors, their tactics, and tools, allowing for rapid identification of emerging threats. GenAI also reduces the toil on security specialists by automating routine tasks and prioritising alerts, allowing them to focus on high-value activities. Additionally, it augments the skillset of analysts, helping them perform complex tasks and making security teams more efficient.
In practice, GenAI empowers threat intelligence analysts for rapid threat identification, streamlines incident response, and constantly improves its ability to detect emerging risks through continuous learning. It also empowers analysts to perform specialised tasks, enhancing their overall effectiveness.
By integrating GenAI into our services, Mandiant aims to provide organisations with a critical advantage in responding to and containing breaches, ultimately bolstering their cybersecurity posture. This commitment to innovation underscores Mandiant's dedication to staying at the forefront of cybersecurity and helping organisations navigate the ever-evolving threat landscape.