
NetSPI [Un]Wrapped: Our Top Hits from 2023 

Buckle up, rewind, and get ready for NetSPI’s reveal! Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. 

It was a year that demanded resilience, adaptability, and maybe a few extra cups of coffee. But amidst the whirlwind, there were triumphs, breakthroughs, and moments of sheer celebration on our team that made this year one to remember. 

Grab a warm cup of cheer, pull up a comfy chair, and join us as we rewind the track on 2023 through our favorite team moments, the resources that helped us thrive, and a much-needed reminder that even the most fast-paced years are worth slowing down to celebrate.

Our Favorite #TeamNetSPI Moments 

Marking milestones and welcoming new furry faces was all part of an exciting 2023 for our team. 

1. Celebrating our new headquarters 

Skyline views are on the horizon as we officially plant our flag at our amazing new headquarters. 

2. Officially passing 500 team members

Our team raced past 500 people in January, and is quickly approaching the next milestone, proving that we accomplish more together than we ever could apart. 

3. Welcoming Jersey to the NetSPI team

As the only four-legged member of our team, Jersey supports children and families during their time at the Masonic Children’s Hospital’s Institute for the Developing Brain. 

Top Educational Resources 

Building a more secure world starts with education. Our top resources this year spanned from blockchain to attack surface management.

1. Offensive Security Vision Report 2023 

Our top resource in 2023 was NetSPI’s Offensive Security Vision Report, a first-hand study that summarizes the top vulnerabilities by attack surface and much more.


2. 5 Blockchain Security Fundamentals Every C-Suite Needs to Know 

Dive into blockchain security! This eBook shares how major companies are using distributed ledger technology (DLT) today and the importance of security planning for blockchain operations. 


3. How to Use Attack Surface Management for Continuous Pentesting

Point in time testing is so 2023. In this article, we explain how the shift to proactive security is rooted in always-on monitoring of known and unknown internet-facing assets.  


Technical Articles the Industry Loved 

Technical articles reign supreme. 👑 Here are the top three technical articles our audience loved in 2023. 

1. Abusing Entra ID Misconfigurations to Bypass MFA

Explore Entra ID with Kyle Rozendaal. While conducting an Entra Penetration Test, we discovered a simple misconfiguration in Entra ID that allowed us to bypass MFA. 


2. Escalating Privileges with Azure Function Apps 

Dive into privilege escalation with Karl Fosaaen. See how undocumented APIs used by the Azure Function Apps Portal menu allowed for directory traversal on the Function App containers. 

NetSPI Finds Privilege Escalation Vulnerability in Azure Function Apps

3. Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps by Karl Fosaaen

Repurposed from our DEF CON Cloud Village Talk (What the Function: A Deep Dive into Azure Function App Security), Thomas Elling and Karl Fosaaen stumbled onto an extension of the existing research in the above article, Escalating Privileges with Azure Function Apps. 


Most Listened to Podcast Episodes 

Our mics were on fire this year! Tune in as we revisit the top podcast episodes that sparked debates, hit on industry best practices, and left you wanting to hit “repeat” on cyber defense. 

1. Episode 055: Teaching Next Gen Cybersecurity Leaders with Neil Plotnick 

Gear up for the future of cyber with Agent of Influence! In this episode, NetSPI’s Field CISO and host of the podcast Nabil Hannan tackles a pivotal topic: cybersecurity education. He’s joined by Neil Plotnick, a high school educator on the front lines as they dissect modern curriculum, student attitudes towards online data, and the crucial question: how do we cultivate the next generation of cyber defenders? 

2. Hack Responsibly: Riding the Azure Service Bus (Relay) into Power Platform with Scott Sutherland and Karl Fosaaen

On the inaugural episode of Hack Responsibly, we crack open the vault on Azure security with special guest, security consultant Jake Scheetz. Join the crew as they dissect Nick’s noteworthy vulnerability disclosure: a cross-tenant Azure exploit in Power Platform Connectors. 

3. Leading with FUN Instead of FUD with Tim Derrickson

Hold onto your hats—fun times and security insights are ahead! Nabil hosted guest Tim Derrickson, Director of IT and Security Services at One Step Secure IT, for a discussion on dropping the tone of Fear, Uncertainty, and Doubt (FUD) and injecting some much-needed fun into the cybersecurity conversation. 

Webinars that Captured Attention 

These webinars rose above the noise, giving our viewers tangible insight into NetSPI’s proactive security solutions, including Breach and Attack Simulation (BAS) and Attack Surface Management (ASM). 

1. Product Pulse: Demo of Breach and Attack Simulation (BAS)  

Hear from Spencer McClain as he guides you through our BAS platform demo and shares some of our favorite customer success stories. 

Product Pulse: Live Demo of Breach and Attack Simulation (BAS)

2. ASM In Action: NetSPI’s Attack Surface Management Demo 

See NetSPI’s ASM platform in action as Scott Henderson walks you through its ability to improve visibility, inventory, and understanding of known and unknown assets and exposures. 


3. Keeping Up with Medical Device Cybersecurity: Q&A with Product Security Leaders at Medtronic, Abbott, and MITRE 

Hear from medical device security leaders as they share best practices on compliance, updatability, vulnerability management, and more in this panel discussion. 


As we raise a toast to the year’s successes and lessons learned, we can’t help feeling excited about the year to come. 2024 promises to be an adventure, and NetSPI is ready to tackle the challenges in stride. 


CISA Alert AA23-347A: NetSPI Coverage for JetBrains TeamCity CVE-2023-42793

NetSPI has updated Attack Surface Management (ASM) coverage for CVE-2023-42793 and released a Breach and Attack Simulation (BAS) Playbook that allows you to quickly test whether you have detection coverage for the TTPs used in a recent campaign by Russian Foreign Intelligence Service actors, also known as APT 29.

Summary

On December 13, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released Advisory AA23-347A. They assessed that APT 29 has been targeting JetBrains TeamCity servers vulnerable to CVE-2023-42793. After gaining initial access, APT 29 attempted to escalate privileges, move laterally, deploy backdoors, and take additional steps to ensure long-term access to the compromised networks.

Details

In September 2023, APT 29 was observed scanning for and exploiting vulnerable versions of JetBrains TeamCity servers exposed to the internet. The vulnerability allowed APT 29 to bypass authentication and authorization controls and execute arbitrary code on targeted servers.   

Using a combination of existing automated plays and the customizable Advanced plays available in the NetSPI Breach and Attack Simulation platform, we were able to build a custom playbook that lets customers test existing detection capabilities for this campaign. This playbook contains a total of 20 individual tests.

Some of the included procedures are: 

  • SAM Access – Registry Backup
    • This actor has used built-in commands to back up the registry in order to exfiltrate sensitive data from the host. They would use PowerShell to place zip files in C:\Windows\Temp for later exfiltration.
  • WMI – WMIC
    • This campaign uses many WMIC commands for host reconnaissance.
  • Advanced – Arbitrary Mimikatz Command Execution
    • APT 29 has been seen using at least five separate Mimikatz commands as part of their privilege escalation strategy. Using the NetSPI BAS platform's Advanced plays, it is simple to create multiple tests for the commands that are being used in this campaign.
  • Scheduled Task – schtasks.exe
    • The most common way they have been gaining persistent access is by using scheduled tasks.
  • Advanced – Arbitrary Windows Command Execution
    • This Advanced play allows us to quickly create tests for the built-in host reconnaissance commands that have been reported in the advisory. This playbook includes four Advanced plays to test the most common commands being run.
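The procedures listed above all surface in process-creation telemetry. The following is an added example, not code from the original post or from the NetSPI BAS platform: it runs simple detection rules over constructed log lines. The log format, the regex patterns (standard Windows tool syntax, not indicators from the advisory), and the WMIC burst threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: <ISO timestamp> host=<h> user=<u> cmd="<command line>"
LINE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')

# Rule names follow the play names in the list above. Patterns are assumptions
# built from standard command syntax, not values taken from the advisory.
RULES = [
    ("SAM Access - Registry Backup",
     re.compile(r'\breg(\.exe)?"?\s+(save|export)\s+"?(hklm|hkey_local_machine)'
                r'\\(sam|system|security)\b', re.I)),
    ("Zip staged in Windows Temp",
     re.compile(r'powershell.*c:\\windows\\temp\\[^\s"]+\.zip', re.I)),
    ("Mimikatz module syntax",
     re.compile(r'\b(privilege|sekurlsa|lsadump|token|kerberos)::\w+', re.I)),
    ("Scheduled Task - schtasks.exe",
     re.compile(r'\bschtasks(\.exe)?"?\s+.*/create\b', re.I)),
]

# A single WMIC call is common admin activity, so alert only on a burst per host.
WMIC = re.compile(r'\bwmic(\.exe)?\b', re.I)
WMIC_BURST = 3                       # assumed threshold, tune per environment
WMIC_WINDOW = timedelta(minutes=5)   # assumed window


def parse(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ev


def detect(lines):
    """Return (host, rule name) alerts for time-ordered log lines."""
    alerts = []
    wmic_seen = {}  # host -> timestamps of recent WMIC executions
    for ev in filter(None, map(parse, lines)):
        for name, pattern in RULES:
            if pattern.search(ev["cmd"]):
                alerts.append((ev["host"], name))
        if WMIC.search(ev["cmd"]):
            recent = wmic_seen.setdefault(ev["host"], [])
            recent.append(ev["ts"])
            # Drop executions that fell out of the sliding window.
            recent[:] = [t for t in recent if ev["ts"] - t <= WMIC_WINDOW]
            if len(recent) == WMIC_BURST:
                alerts.append((ev["host"], "WMIC burst"))
    return alerts


# Constructed sample telemetry (hosts, users and paths are made up).
SAMPLE = [
    r'2023-12-14T10:00:01Z host=BUILD01 user=svc_tc cmd="wmic os get caption"',
    r'2023-12-14T10:00:20Z host=BUILD01 user=svc_tc cmd="wmic process list brief"',
    r'2023-12-14T10:01:05Z host=BUILD01 user=svc_tc cmd="wmic service get name"',
    r'2023-12-14T10:02:00Z host=BUILD01 user=svc_tc cmd="reg save HKLM\SAM C:\Windows\Temp\s1"',
    r'2023-12-14T10:03:00Z host=BUILD01 user=svc_tc cmd="powershell Compress-Archive C:\Windows\Temp\s1 C:\Windows\Temp\s1.zip"',
    r'2023-12-14T10:03:30Z host=BUILD01 user=svc_tc cmd="m.exe privilege::debug exit"',
    r'2023-12-14T10:04:00Z host=BUILD01 user=svc_tc cmd="schtasks /create /tn ExampleTask /tr C:\Windows\Temp\example.exe /sc daily"',
    r'2023-12-14T10:05:00Z host=WS07 user=alice cmd="wmic bios get serialnumber"',
    r'2023-12-14T10:06:00Z host=WS07 user=alice cmd="schtasks /query"',
]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE):
        print(f"{host}: {rule}")
```

The WS07 lines show the tuning point: a lone `wmic` call and a `schtasks /query` produce no alert, while the burst and the `/create` on BUILD01 do.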

Mitigation 

The first step should be to patch any JetBrains TeamCity servers in your network. NetSPI ASM can identify any that you are still hosting in your network, verify that the issues were properly patched, and watch for the introduction of potential future instances.

After patching, NetSPI BAS can help you evaluate whether your current detective controls are able to detect and alert on this threat and determine how robust your current controls are.

For the automated plays, the BAS platform provides detailed instructions on how and where to detect this activity.

Conclusion  

Overall, this threat actor is following the growing trend of developing a 0-day exploit that they can use for initial access while leaning on relatively traditional post-exploitation behavior to accomplish their goals. ASM can help identify and monitor for issues, and BAS can be used to simulate attacks and evaluate your monitoring.

NetSPI Celebrates Momentous Year for its Partner Program, Achieves 30% Growth in 2023 

NetSPI’s Partner Program heads into 2024 poised for another record-breaking year.

Minneapolis, MN – December 21, 2023 – NetSPI, the global leader in proactive security, today celebrates the achievements of its Partner Program in 2023, which experienced double-digit growth. This year, the company achieved a 30 percent year-over-year increase in partner-sourced revenue and doubled the number of opportunities. New partners have also more than doubled in 2023, with over 70 percent of NetSPI’s active partners having joined since the launch of the new Partner Program. In 2023 NetSPI gained 86 new partners, including Optum, Defy Security, and BMC.

To fulfill the interest and momentum and nurture existing relationships, the internal partner team at NetSPI added four new team members, including Steve Baral, VP of Strategic Alliances and MSSP. Partner co-marketing and thought leadership opportunities have also increased significantly, with more than 5x joint or partner-facing activity over the past 12 months. Activity included events in the US and EMEA, webinars, blog collaborations, and podcasts.

As 2023 draws to a close, NetSPI reflects on the strategic collaborations and synergies that have propelled its Partner Program to new heights. It is an exciting time to partner with NetSPI, as the program is positioned for another record-breaking year ahead. 

Empowering More Partners 

To continue this growth, the partner team at NetSPI is focused on empowering more partners in 2024. Lauren Gimmillaro, VP of Business Development and Strategic Alliances, is preparing to launch a new partner portal in January that will represent NetSPI’s deepening commitment to a partner-centric business model, providing growth opportunities for partners of all sizes, worldwide.  

“The performance we’ve seen from our partner community this year has been encouraging,” said Lauren. “It represents an opportunity for scale as we move into a more automated deal registration process for our partners, more on-demand enablement, and customizable resources for more strategic outreach.”  

The NetSPI Partner Program is also expanding to support more partner types, including MSSPs and Cyber Insurance Partners. “We recently announced a partnership with Chubb, one of the leading publicly traded property and casualty insurance companies,” Steve Baral, VP Strategic Alliances & MSSP, shared. “Through this partnership, Chubb customers gain access to NetSPI’s proactive security solutions, including complimentary access to our Attack Surface Management (ASM) platform.” This ASM offer is part of Chubb’s Cyber Services Program, designed to enable Chubb’s customers to proactively strengthen their security posture and mitigate risk of a claim. To read more about the partnership with Chubb, please visit https://www.netspi.com/news/press-release/chubb-cyber-insurance-partnership/.  

Celebrating Partner of the Year Awards 

In addition to its growth achievement, NetSPI today announced its Partner of the Year Award recipients. The awards recognize the invaluable contributions of the company’s growing partner network. Honorees include CompuNet as US Partner of the Year, Softcat as EMEA Partner of the Year, Enduir as New Partner of the Year, and ReliaQuest as Tech Partner of the Year. To read the full Partner of the Year announcement, please visit https://www.netspi.com/blog/executive/partners/partner-awards-2023

To learn more about the NetSPI Partner Program, or inquire about becoming a partner, visit https://www.netspi.com/partners/.

About NetSPI

NetSPI is the global leader in proactive security, delivering the most comprehensive suite of penetration testing, attack surface management, and breach and attack simulation solutions. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. Its global cybersecurity experts secure the world’s most prominent organizations, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500. NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India.

Media Contacts: 
Tori Norris, NetSPI 
victoria.norris@netspi.com
(630) 258-0277  

Jessica Bettencourt, Inkhouse for NetSPI 
netspi@inkhouse.com
(774) 451-5142


Celebrating Our Partners of the Year 2023

As we reflect on the past year with our Partner Program, we have much to be thankful for. With more than 30 percent year-over-year increase in partner-sourced revenue and almost double the number of partner-sourced opportunities, we know we wouldn’t be where we are today without such dedicated support from our partners around the world.

Today, we are pleased to announce the winners of our annual Partner of the Year awards. It was difficult to narrow our selection down to the following list, as so many of our partners are putting in the work to grow with us, and so many of them deserve this recognition. With that, these awards celebrate some of our most strategic and impactful partnerships over the past year. Honorees include:

US Partner of the Year: CompuNet 

CompuNet, an engineering-led IT company whose strength lies in a team of outcome-driven and relationship-focused professionals, was our New Partner of the Year recipient last year, and this year they lived up to the hype. With an impressive 77 percent win rate on all deals we worked on together through the year, stable pipeline growth in their second year with us, and a 47 percent growth in closed-won business year-over-year, CompuNet has been an exemplary partner in our program over the past year. We look forward to continued growth with CompuNet in 2024 and beyond!

NetSPI joined CompuNet for a sun-soaked day in Montana at their annual golf event.

EMEA Partner of the Year: Softcat

Softcat, a leading provider of technology solutions and services to both private and public companies in the UK and Ireland, has been named EMEA Partner of the Year for its immediate acceleration into a very active partner in our EMEA region! Softcat just joined the partner program in July but already they are opening doors and creating opportunity for our EMEA team to expand in key industries, especially the financial services industry. We look forward to continued growth and appreciate the hard work already invested in our partnership.

New Partner of the Year: Enduir

Enduir, a full-service incident response and recovery services firm, has been awarded New Partner of the Year for their impressive performance in their first year working with us. Enduir signed onto our program in the second half of 2024 and they are off to a great start with a 100 percent win rate on some impressive deals. We look forward to a bright future with Enduir as we work with them in leveraging their front-line incident response and recovery experience to bolster the cyber resilience of our mutual clients.

Tech Partner of the Year: ReliaQuest 

ReliaQuest, a force multiplier of security operations with over 700 customers worldwide, has been honored as Tech Partner of the Year as their innovative work in detection controls aligns well with our ability to ensure detections are firing properly via our Breach and Attack Simulation. As NetSPI continues to expand with ReliaQuest’s GreyMatter, we see an opportunity to deliver always-on testing and proactive security to our mutual customers. We look forward to our continued strategic partnership with ReliaQuest in our joint efforts to drive outcomes for many of the most trusted enterprise brands in the world.

ReliaQuest and Enduir recently provided thought leadership in our blog on detection and response.

Closing Thoughts as We Look Toward 2024 

To our partner community: we have enjoyed working with and getting to know so many of you over the past year, and we are well-positioned to charge forward together into an even stronger and more exciting year ahead.  

Together, over the past year, we have established trust with many of our new partners and we refuse to take this progress for granted. We secured a foundation for accelerated success as many of our partners are bringing us into more and more customer relationships. This will be key as we brace for another record-breaking year in our Partner Program.   

A special thank you and congratulations to CompuNet, Softcat, Enduir, and ReliaQuest for your inspiring work in our Partner Program this year, and congratulations on your well-deserved recognition!  


eSecurity Planet: 5 Major Cybersecurity Trends to Know for 2024

NetSPI Chief Product Officer Vinay Anand was quoted in eSecurity Planet’s 2024 cybersecurity trends roundup, predicting that comprehensive visibility into all assets and tight control over who can access them will remain a top challenge for security leaders. Read the preview below or view the full story online.

+++

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly:

  • AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI) will boost both attackers and defenders while causing governance issues and learning pains.
  • Cybercrime will go to the next level: Cyberattackers will implement improved skills, “shift left” attacks, and shifting strategies to adjust to evolving cyberdefense.
  • Attack surfaces will explode: Cyberdefense complexity will compound as API, cloud, edge, and OT resources add to the list of assets to defend.
  • Government actions will increase: Expect more government regulations, state-sponsored cyberattacks, and increased documentation required to protect CISOs.
  • 2023 cybersecurity issues will continue: Weak IT fundamentals, poor cybersecurity awareness, and ransomware will still cause problems and make headlines.
  • Bottom line: Prepare now based on risk.

Weak Security Foundations

Even as vendors and technologies race ahead to tackle next year’s threats, many organizations lag in basic cybersecurity fundamentals such as asset management, identity, access management, defense in depth, and cybersecurity awareness and training.

“Some of the foundational requirements for securing an organization will continue to challenge InfoSec leaders – primarily, establishing comprehensive visibility into all assets and tight control over who can access them and with what level of privileges,” acknowledges Vinay Anand, Chief Product Officer of NetSPI.

You can read the full article at https://www.esecurityplanet.com/trends/cybersecurity-trends/#3-attack-surfaces-will-explode.


Invest vs. Optimize: Industry Leaders Weigh in on Simplifying Security Tech Stacks 

It’s a question older than the internet—do we optimize our existing tech stack or invest in new technology? The debate is as fresh today as ever, especially with the saturation of solutions promising to simplify security stacks. NetSPI Partners bring a fresh perspective to the lofty goal of simplifying detection and response outcomes by weighing in on the long-term effects of complexity, discussing when to optimize versus invest in technology, and explaining how automation can ease workflows and enhance efficiency in detecting, investigating, and responding to threats. 

Meet the Contributors  

This roundup includes contributions from NetSPI Partners and Thomas Adams, NetSPI’s Product Manager, Breach and Attack Simulation. Partners include: 

1. In your experience, what are the top challenges SOC teams face with detection and response controls? 

“The top challenges I have seen SOC teams face with detection and response controls are defining strategy and increased complexity in their tech stacks. Without a clear strategy for detection and response controls, SOC teams will often suffer a negative feedback loop that leads to increased complexity in their tech stacks. This frequently leads to deploying numerous point solutions and patching them together to cover control gaps, only to eventually look at yet another tool that claims it will simplify your SOC operations.

A sound SOC detection and response control strategy should consider their organization’s business aims and their organization’s threat landscape. Using a threat intelligence informed approach tailored to your organization can help in selecting controls and solutions that will provide measurable improvements on mean times to detection and remediation (MTTD and MTTR).” 

Kris Kocinski, Enduir, Principal, Cloud Engineering

“I think one of the biggest challenges that SOC teams face is knowing what detections are missing and how they can increase the number of real alerts while not creating too many false positives. Every network and setup is unique and it takes real time investment to really make sure that the security stack you build is finely tuned for your stack and security policy.” 

Thomas Adams, Product Manager, Breach and Attack Simulation, NetSPI

“We see a need for unification and visibility for detection controls as the main challenges SOC teams must overcome. These teams have multiple point solutions (SIEM, EDR, NDR, IDS/IPS, etc.), all reporting various detections that need to be processed and worked on by a SOC team. They could have multiple detections in one platform that all relate to one event, or they may have one alert in numerous tools that all relate to one event, but the SOC team has no easy way of stitching or unifying these detections together without resorting to manual processes and subjective logic.

The same applies to response controls. Once confirmed, most cyber events will have multiple response and remediation steps spanning many tools or systems. SOC teams must manually interact with each disparate platform to take these response actions, slowing down containment and eradication times while increasing dwell/active threat times. To combat this, SOC teams should invest in a Security Operations platform that can integrate into their security control ecosystem and act as the detection and event unification system while offering robust, “single click” response plays across their technologies. This unified view will drastically speed up event identification, containment, eradication and reduce dwell/active threat times.” 

Jeff Music, ReliaQuest CISO

“Our customers’ SOC teams are seeing a high volume of alerts, coupled with false positives, which can put them at risk of decreased effectiveness in identifying and responding to real threats.

Every new technology, every new platform has its own set of logs and data formats. To add to the challenge, many of our customers operate in a hybrid infrastructure, and they are required to adapt their detection and response capabilities to an increasingly complex environment.

In the face of a skills shortage our customers must ‘do more with less’ and run a gauntlet of evolving challenges including sophisticated attacks, advanced persistent threats (APTs), integration challenges, ineffective automation, compliance requirements, evolving data protection regulations, and insider threats.”

Harsh Thanki, SecureLink Security Consultant

2. What are some indicators that a client can enhance their existing tech stack versus invest in new technology? 

“I believe that before you invest in expanding your tech stack you should have an audit of your current capabilities and carefully evaluate whether they are being used to their fullest potential and if it is possible to better configure and tune them to cover whatever gap has been identified.” 

Thomas Adams, Product Manager, Breach and Attack Simulation, NetSPI 

“When assessing whether to enhance an existing tech stack or invest in new technology, it’s important to consider your current capabilities, before considering a new technology. Review your stack’s performance metrics and adaptability, and how you are trending on key performance indicators in your SOC.  

If the current stack exhibits inefficiencies in handling evolving threats, lacks adaptability, or hinders integration, enhancement is likely warranted. Enhancements could be exploring potential features you have yet to leverage in a solution, or automating a repetitive manual task in the stack. Conversely, if technological gaps persist in addressing specific threat vectors or compliance requirements, strategic investments in new technologies are warranted.” 

Kris Kocinski, Enduir, Principal, Cloud Engineering 

“Ultimately, the decision should be based on a thorough analysis of the organisation’s specific situation, considering factors such as functionality, integration, cost, scalability, and the long-term business strategy.  

Our customers in a rapid-growth phase often come to us with challenges as they feel they have outgrown their tech stack. Solutions that once were effective might appear to have failed to scale with them, but in some cases optimization, performance tuning, and additional configurations are all they need to continue without being forced into additional tech stack purchases.  

We also see a lack of employee training and enablement where the customers’ current tech stack is under-utilised. Employee training must be part of the plan from day one to ensure they are getting the most out of their existing tech stack. We also advise our customers to gather feedback from key stakeholders, including end-users and IT staff, to understand pain points and areas where improvements are needed. This input can guide decisions on whether enhancements or new technology are more appropriate.” 

Harsh Thanki, SecureLink Security Consultant

3. What kind of problems start to present themselves when security stacks become too complex? 

“When security stacks become too complex, SOC teams become overwhelmed with basic management and maintenance of these platforms, rarely realize the full value of the different platform capabilities, and often experience a false sense of “security” based on the technology’s promises versus real-world application and outcomes.  

SOC teams should continuously measure their cyber tools and program effectiveness to identify gaps in visibility, prevention, and detection. SOC leaders can use this data to gain insights into where controls may be missing and identify where systems or tools may be too complex for the outcomes they are driving toward achieving.”  

Jeff Music, ReliaQuest CISO

“The more complex your security tech stack gets, the more likely you are to have redundant or overlapping (even at times incompatible) features, a lack of visibility, muted agility, compliance challenges, and increased overhead. Complex security stacks can often require highly specialized skills for configuration, management, and optimization. If there is a shortage of skilled personnel or inadequate training programs, it can impede the effective operation of the security infrastructure. 

To address these issues, organizations should periodically review their security stack, streamline redundant tools, and seek solutions that provide a balance between effectiveness and simplicity. Regular assessments and adjustments are crucial to maintaining a robust, agile, and manageable cybersecurity posture.” 

Harsh Thanki, SecureLink Security Consultant 

“When security stacks become too complex, many of the other problems we see endemic to SOC job roles emerge, such as knowledge silos, resource constraints, burnout, and increased time and effort to onboard and train resources. As complexity increases, resources become constrained to owning different solutions or products in the stack. This often leads to knowledge silos across the SOC, as other day to day responsibilities and on-call reduce the ability to cross train resources on the sprawl of solutions.  

Additionally, this complexity makes it hard to onboard and train new resources, especially junior ones. Over time, these problems lead to burnout on the SOC team, which in turn will amplify these problems.” 

Kris Kocinski, Enduir, Principal, Cloud Engineering 

“When the security stack becomes too complex you start facing problems in multiple areas: training new analysts becomes tedious and lengthy, you have to start making decisions about what data is the most important or accurate, analysts start facing burnout, documentation and policy writing become challenging, and this can lead to a false sense of security for non-technical leadership.”

Thomas Adams, Product Manager, Breach and Attack Simulation, NetSPI 

4. In your experience, how has automation played a role in simplifying security stacks? 

“Our customers who have successfully implemented automation within their security tech stacks are minimizing manual effort within several areas including incident response, threat intelligence, patch management, log correlation, user behaviour analytics (UBA), suspicious email quarantine, and policy enforcement. By incorporating automation into these aspects of cybersecurity, organizations can achieve faster response times, reduce the likelihood of human errors, and improve the overall effectiveness of their security stacks. This, in turn, contributes to simplifying security operations and adapting to the dynamic and evolving threat landscape.” 

Harsh Thanki, SecureLink Security Consultant 

“Automation plays a significant role in simplifying security stack outcomes. SOC teams are focused on detecting threat actors in their environment, conducting complete investigations of these events, and responding to them appropriately to ensure complete threat eradication.  

Automation allows SOC teams to leverage the full capability of their security stack at machine speed when detecting, investigating, and responding. Automation can remove manual tasks and processes from some, if not most, of the SOC lifecycle, dramatically reducing the time it takes to detect, investigate, and respond to a threat. When automation is successfully leveraged, SOC teams can experience efficiencies in Mean Time To Respond (MTTR) from days down to minutes.”  

Jeff Music, ReliaQuest CISO 

“I believe that the future security stack will be heavily invested in Artificial Intelligence and Machine Learning while maintaining a human in the loop. This model will allow analysis of multiple data sources at machine speed and output that information to a human analyst for decision making and validation.” 

Thomas Adams, Product Manager, Breach and Attack Simulation, NetSPI 

“Automation has played a key role in simplifying security stacks and SOC operations by alleviating resources from time-consuming manual tasks, unblocking resources from repetitive stack operations to focus on other key initiatives and tasks, and increasing consistency and confidence in SOC processes.

Through the strategic deployment of automated workflows, routine processes such as incident detection, analysis, and response can be expedited with precision. The efficiencies gained from automation allow for more time to train your resources, reduce complexity in the tech stack, and help to reduce burnout by enabling your SOC team to operate more efficiently.” 

Kris Kocinski, Enduir, Principal, Cloud Engineering 

The balance between optimizing and investing will always be at play in the security industry. Automation can play a role in simplifying the detection, investigation, and response to threats, but really, it comes down to considering your current capabilities in light of your business goals and threat landscape before investing in new technology. 

This post was written in collaboration with NetSPI’s Partners.


NYSE Floor Talk: NetSPI CEO Aaron Shilts discusses advancing offensive security and tackling AI cyber threats

Hear from NetSPI CEO Aaron Shilts as he discusses advancing offensive security, innovating post $410 million funding and tackling AI cyber threats on #NYSEFloorTalk with Judy Khan Shaw.


Reinsurance News: Chubb enhances cyber offering with NetSPI partnership

NetSPI’s partnership with Chubb was featured in Reinsurance News. Read the preview below or view it online.

+++

Property and casualty insurance company Chubb has announced the launch of its cyber protection partnership with NetSPI, a cybersecurity specialist.

NetSPI is an expert in proactive security, aiming to strengthen its clients’ cyber-risk profile via enhanced attack surface management and penetration testing solutions.

Through this collaboration, Chubb policyholders in the US and Canada will be able to use NetSPI’s full portfolio of proactive security solutions, including Breach and Attack Simulation (BAS), Attack Surface Management (ASM).

You can read the full article at https://www.reinsurancene.ws/chubb-enhances-cyber-offering-with-netspi-partnership/.


Insurance Business Magazine: Chubb enhances cyber solutions through new partnership

NetSPI’s partnership with Chubb was featured in Insurance Business Magazine. Read the preview below or view it online.

+++

Chubb has partnered with cybersecurity company NetSPI to provide advanced attack surface management and penetration testing solutions.

Through this partnership, policyholders in Canada and the US gain access to NetSPI’s array of proactive solutions, including Breach and Attack Simulation (BAS), Attack Surface Management (ASM), and its penetration testing services.

NetSPI’s solutions are flexible and can cater to businesses of any size across various sectors, according to a news release from Chubb.

“This collaboration with NetSPI provides clients with peace of mind, enabling them to identify vulnerabilities, security issues, and exposure to risk before it escalates into a claim,” said Craig Guiliano, vice president of cybersecurity threat intelligence. “This value-added solution is part of Chubb’s efforts to proactively identify cyber exposures that are difficult to detect using common scanning tools and to strengthen our policyholders’ security posture more broadly.”

You can read the full article at https://www.insurancebusinessmag.com/us/news/cyber/chubb-enhances-cyber-solutions-through-new-partnership-469088.aspx.


Seeking Alpha: Chubb and NetSPI launch cyber protection partnership

NetSPI’s cyber protection partnership with Chubb was reported on by Seeking Alpha. Read the preview below or view the article online.

+++

  • Property and casualty insurance firm Chubb (NYSE:CB) Tuesday announced a collaboration with cybersecurity company NetSPI to strengthen clients’ cyber-risk profile via enhanced attack surface management and penetration testing solutions.
  • Chubb policyholders in the U.S. and Canada can take advantage of NetSPI’s portfolio of proactive security solutions and its suite of comprehensive penetration testing offerings at preferred pricing, the company added.
  • As part of this collaboration, select Chubb clients would be eligible to access NetSPI’s Attack Surface Management platform at no cost.

You can read the full article at https://seekingalpha.com/news/4043421-chubb-and-netspi-launch-cyber-protection-partnership.
