Techstrong TV: Anomali Reveals Current Threat Landscape

Hugh talks about The Anomali Cybersecurity Insights Report 2022, which provides visibility into the current threat landscape, reveals the top challenges to establishing a resilient cybersecurity posture, and details how enterprises are adjusting their cybersecurity strategies in response to those obstacles. The video is below, followed by a transcript of the conversation.

Alan Shimel: Hey, everyone. Welcome to another segment of TechStrong TV. I’m really happy to have as a guest on this segment an old friend of mine, Hugh Njemanze. Hugh is the president of Anomali. I think most of you may be familiar with Anomali but we’re gonna ask you to give us a brief, anyway, in case you’re not, not to worry.

Hugh, welcome to TechStrong TV.

Hugh Njemanze: Thanks, Alan.

Shimel: It’s good to see your face here and I hope all has been well with you.

Njemanze: Likewise. Things have been going as well as they can go in these current times.

Shimel: As we were talking off-camera, yes, it is that old Irish proverb, they say, “May you live in interesting times.”

Njemanze: Exactly. Specifically for cybersecurity, these are extremely interesting times. There’s a lot going on, both with the context of the pandemic and also the current world geopolitical situation. So it’s not about to get boring.

Shimel: No. You know what I’m afraid of with that, Hugh, and you took me down the rabbit hole, already. I’m afraid that we don’t get the boy who cried wolf syndrome here. That, look, the president is banging the drums about potential cyber attacks and everywhere, I’m flooded with PR pitches for people who want to comment on it. And I’m afraid that if we don’t see some big, bad thing happen, we’re gonna get a little bit of the boy who cried wolf syndrome and people won’t take it seriously the next time because the anomaly, no pun intended, with security is when nothing happens, we did our job.

Njemanze: Right. I do think in this case, it’s timely that the president is sounding a cautionary note because I think when you’re in sort of an actively evolving situation, it’s a good time to take a look at things that you can improve immediately as opposed to long-term plans. And usually that means kind of taking a look at your team, re-following the protocols that we say we follow. Is there stuff that we’re putting off that we could easily start doing now?

So a lot of times, it’s going to be sort of vetting your processes and making sure they’re up to your expectations as opposed to laying out some grandiose new five-year plan that’s not gonna take effect before the threat has either come or passed.

Shimel: Agreed. Look, let’s just hope for the best on that.

Njemanze: Yeah.

Shimel: Geez, I want to get us back a little bit on track here, though. As I said, I think folks in our audience have heard of Anomali. They may or may not 100 percent. Why don’t you give us a little background?

Njemanze: Sure, absolutely. So Anomali is about an eight-year-old company. We founded the company in 2013 and we have been very focused on threat intelligence, both making that more accessible, more useable, within large enterprises, but also applying the intelligence to enhance organizations’ cybersecurity effectiveness and results. And to that point, we are well-known for our first product known as ThreatStream.

We’ve also introduced a product named Anomali Match into the marketplace that directly applies intelligence at scale in ways that are very complementary to existing SOCs and SOC tools. And we just literally launched this month our new XDR product, which is a SaaS product that helps deliver on the promise of XDR. You may be familiar with the acronym. It’s sort of the latest buzzword in cybersecurity.

And one of the goals of XDR is to make it possible to take telemetry from multiple silos, and by silos, I mean vertical security domains such as EDR or SIEMs, which are information event management tools or e-mail security. And combine information from all of those tools that are already deployed to gain new insights and early warnings and detection of threats. And so we’re very excited about our new XDR offering and we think this is the right place and time for tools like this to arrive.

And, in fact, we just completed a survey in January conducted as a Harris poll and we had over 800 cybersecurity decision-makers from 11 different countries and organizations all of 5,000 employees or more. And the findings were actually quite interesting both in the area of sort of the threat landscape itself, ’cause our survey went back all the way to 2019, so we could kind of see the delta pre-pandemic, and then what happened due to the pandemic, and moving forward.

And the answers were also very interesting in terms of the evolving perception, importance, funding, et cetera, and approach for the cybersecurity organizations within IT. So I’d be very happy to share some of those learnings.

Shimel: Yeah, please, let’s jump into it.

Njemanze: Excellent. So in terms of threat landscape, what was reported was that the volume of attacks and successful breaches literally doubled from 2019 to 2020. The success rate went up to, one, at 14 percent of the attacks were successful in some fashion or another.

Shimel: One-four, 14 percent, you said?

Njemanze: Yeah, 14 percent, so one-seventh of all the attacks resulted in breach –

Shimel: One-seventh.

Njemanze: Yeah. The number of organizations that experienced these breaches went up from 14 percent to 29 percent year over year.

Shimel: Doubled.

Njemanze: And overall, over three years, 87 percent of the organizations had experienced a successful breach.

Shimel: Hm.

Njemanze: So a lot of activity going on and the costs in 2020 were also quite high. Seven percent of the organizations ended up seeing an expense, whether from ransomware or other breach expenses, over a million dollars. And maybe 40-plus percent, 500K, between $100,000.00 and 500K and about 14 percent above 500K. So a lot of expensive breaches, a lot of activity.

And part of it, I think, is because there was a lot of change that resulted from the pandemic. So basically companies went more digital, so a lot of digital transformation. People were working from home. People were working solo. And so I think the attack surface exposed to malicious attackers got bigger more rapidly than the defenses could keep up.

Shimel: Let me jump in, if you don’t mind.

Njemanze: Yeah.

Shimel: A couple of things I think are in play there. Number one is the old axiom. I think it was Abba Eban, a U.N. ambassador from Israel, once said, “The Palestinians never miss an opportunity to miss an opportunity,” or something like that. The bad guys never miss an opportunity to take advantage of an opportunity.

Njemanze: True, absolutely.

Shimel: I say bad guys. Bad guys, bad gals, bad people, malicious actors in any form and shape they come in.

Njemanze: Exactly.

Shimel: Saw this as candy land. This was the opportunity of a lifetime for them, number one. Number two, at the same time, in our rush to keep the wheels on the trains, and support our remote workers, and this whole digital transformation, we sort of looked the other way. We loosened up a lot of our cyber controls. All right, so it’s not a company-owned laptop. All right, so it’s your daughter’s laptop that she goes into chat rooms on and watches TikTok with.

Njemanze: Yeah, very true.

Shimel: “That’s okay. I need you to do your work.” So you had that at the same time you had these guys jumping on an opportunity. It had to end this way. It was almost inevitable.

Njemanze: Definitely. Yeah, and so it’s kind of a perfect storm, just like you said. On top of that, I think there is not as much of a peer infrastructure ’cause everybody’s on Zoom for meetings, but generally, they don’t get the chance to have sidebar conversations with their peers.

Shimel: No.

Njemanze: So it’s a very disruptive environment that the attackers were taking advantage of. And they also immediately jumped on the opportunity to create sort of specifically-targeted phishing campaigns that were leveraging people’s fear of the pandemic.

Shimel: Agreed. Again, for people not in the cyber industry, and we have a very tech audience, but there’s a lot of developers and stuff like that, DevOps, cloud-native folk. But people not in the cyber industry, I think sometimes they’re amazed at the organization and infrastructure of the bad actors. These people are highly organized. They have processes and tools in place that rival the kind of tools our cybersecurity teams have.

Njemanze: Absolutely.

Shimel: And there’s a whole economic hierarchy of these folks. And so this isn’t kiddie scripters we’re dealing with. They range everything from nation states, to highly, highly profitable economic-driven bad actors, to hacktivists, and social, and all of these things. This is not the unwashed masses. These are very organized, very smart.

Njemanze: Absolutely. In fact, one of the questions on the survey was are these IT organizations, are they more concerned about organized groups or individual hackers. And the overwhelming majority said organized groups are the threat that they face.

Shimel: Absolutely, it’s organized. Not to be all doom and gloom, let me go the other way a little bit. ‘Cause the fact of the matter is, Hugh, I think overall, for the most part, our security posture at most organizations today is better than it was, let’s say, five years ago.

Njemanze: Agreed.

Shimel: We’ve made progress in the last five, ten years. No doubt about it.

Njemanze: True.

Shimel: Part of security is this whole cat and mouse game and reactive kind of thing. So it’s actually really interesting. The person I was interviewing before you, a recent survey of SOC analysts, 70 percent said they found the job rewarding, they’re doing good. Sixty-four percent said they were changing jobs in the next 12 months.

Njemanze: Oh, wow, yeah.

Shimel: So that’s the reality of our world. That’s the security person. Hugh, I always like to ask people so when you look at the survey, what results kind of caught you by surprise that you wouldn’t have thought they would show this?

Njemanze: Well, that’s actually easy, in a way, because there were some very unintuitive responses. For example, one of the things that we asked about was what are folks looking for these days when they are acquiring, purchasing, researching cybersecurity solutions. And I don’t think anybody, certainly I was surprised, I don’t think anybody would expect that the last two things on the list were cost and ROI.

So really the priorities have shifted. So it’s not that people don’t care about those things. It’s that everything else now is more important. So, in fact, the three most important things on the list were the vendor support for the product, ease of use, and integration with other third-party products in our environment.

Shimel: Really?

Njemanze: Yeah.

Shimel: Well, that’s heartening.

Njemanze: Yeah, and I think that this is also tied to the pandemic. Because I was mentioning earlier this dynamic that people are no longer sort of 20 people in a room. You just lean over to the next guy’s desk to ask for help. So it kind of makes sense that if everybody’s working individually kind of as a lone ranger working as part of a broader team that is not really real-time talking to each other, that you either need a product that’s dead easy to use or you need to be able to reach the vendor if you don’t have a neighbor in the next seat to get help, insights, consultation, advice.

And then, also, again, if the sort of SOC and IT environment are being administered remotely, then having seamless integration with the other tools rather than somebody kind of stoking the coals on the fire all day, every day, seems like another natural outcome in terms of requirements. So it kind of makes sense to me, but it was surprising to see that shift.

Shimel: Yeah, that is. Look, I’m in security 25, 30 years. To hear that price and ROI is at the bottom, wow. That’s wow. Anyway, Hugh, we’re almost out of time. For people who want to take a look at the full report and the findings, where can they go?

Njemanze: They can go to anomali.com and it’s an interesting report. It’s over 20 pages long and I think everyone will find something interesting that can be applied to your situation.

Shimel: Absolutely, and for those out there who aren’t sure, Anomali is A-N-O-M-A-L-I.com, right?

Njemanze: Absolutely.

Shimel: All right. Hey, Hugh, it’s great seeing you, man. I’m glad everything is well with you. I look forward to seeing you maybe RSA in June or something.

Njemanze: Absolutely.

Shimel: We’ll see you in person.

[Crosstalk]

Njemanze: Okay. It’s been a pleasure.

Shimel: Always a pleasure.

Njemanze: Take care, Alan.

Shimel: Alrighty. Bye-bye, Hugh.

Njemanze: Bye.

Shimel: All right. We’re going to take a break here on TechStrong TV. We’ll be right back.

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St. John’s University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.
