Since the shift to working from home using personal devices and networks, the attack surface available to threat actors has increased.
Even though many companies, especially smaller ones, still believe that they won’t be attacked by a cybercriminal, the threats are only increasing. Working from home has made businesses more vulnerable, and it’s no longer a question of if but when you’ll be attacked.
The best way to prevent a successful hack is to be aware and be prepared. So, to find out how an organization is supposed to protect its infrastructure, we invited Jason McGinnis, the President and Chief Operating Officer of SilverSky – a company that offers cloud-based cybersecurity solutions.
How did SilverSky come about more than two decades ago? What were the major milestones throughout the years?
In 1999, SilverSky was created as a way for us to service the security needs of community banks and credit unions. SilverSky saw an underserved market that had a skills shortage, and we knew we had the efforts to address both. Between 2001 and 2013, SilverSky made 12 acquisitions to bolster its footprint with the community bank and credit union market, while also addressing product gaps in the portfolio. After beginning the process of gaining certifications, such as SOC2 Type2, PCI, and others, we were acquired by BAE Systems Applied Intelligence in 2014 to be a part of their commercial cybersecurity offering. In 2020, we were purchased back by former management team members and have since refocused our efforts on the cybersecurity needs of the small to medium enterprise market to make our services simple, affordable, and accessible. We have already completed three acquisitions since the BAE Systems divestiture, and we’ve had a major investment from ITOCHU International to help support us as we continue to broaden our customer base, acquire more and more talent and technology, and increase our footprint beyond the United States into Europe and the Asia Pacific markets.
Can you tell us a little bit about what you do? What are the main challenges you help navigate?
SilverSky has five main service offerings that we feel give our customers the best chance at creating and maintaining a solid security posture based on their specific needs. We offer:
- Managed Detection and Response (MDR) – this allows us to collect security logs from any device, monitor for threats in real time, and then alert the customer of the potential compromise and provide the needed steps to protect their environment. We also cut down on the alert fatigue that many customers experience with their security provider – we are showing all alerts but prioritizing the highest alerts for the customer so that they can immediately focus on remediating those.
- Managed Endpoint Detection & Response (MEDR) – this allows us to manage any Windows, Apple, or Linux endpoint in the environment to alert when there is an attack, remove the endpoint, and restore the machine back to its previous, non-compromised state before taking it back on-line.
- Security Device Management (SDM) – this allows SilverSky to manage firewalls and other security devices for customers so that we can maintain them with current security configurations and manage all changes to the devices as requested by the customer.
- Email Protection Services (EPS) – this allows us to protect the number one threat vector for customers and provide them with SPAM, Antivirus, Data Loss Prevention, Social Engineering Protection, Zero-Day Protection, encrypted email transmission, and archival storage of email.
- Vulnerability Management (VUMA) – this allows SilverSky to scan a customer’s attack surface (including internal and external assets) to look for vulnerabilities. We then rank these vulnerabilities so that customers can filter out false positives and other exposures that have been addressed so that they can be patched in a timely manner. Finally, we ensure the patch has resolved the vulnerability by helping the customer rescan their environment.
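The scan, rank, filter and rescan workflow described for vulnerability management above, shown as an added Python example. This is not SilverSky code or any scanner's output format: the finding records, plugin identifiers, asset names, scores and the severity thresholds are constructed for illustration, and the "suppressed" set stands in for a customer's list of confirmed false positives and accepted risks.

```python
"""Triage vulnerability scan findings and verify remediation with a rescan.

Added illustration of a scan -> rank -> filter -> rescan workflow. Not vendor
code; every finding, score and asset name below is constructed sample data.
"""
from dataclasses import dataclass

# Severity buckets by CVSS-style base score (an assumption for this example,
# not a vendor's ranking scheme): critical >= 9.0, high >= 7.0, medium >= 4.0.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    asset: str        # host the scanner reported the issue on
    plugin_id: str    # scanner check identifier (constructed values below)
    title: str
    score: float      # CVSS-style base score, 0.0 to 10.0


def severity(score: float) -> str:
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def triage(findings, suppressed):
    """Drop suppressed findings (confirmed false positives / accepted risk)
    and return the rest ranked highest severity first, then by score."""
    live = [f for f in findings if (f.asset, f.plugin_id) not in suppressed]
    return sorted(live, key=lambda f: (SEVERITY_ORDER[severity(f.score)], -f.score))


def verify_rescan(baseline, rescan):
    """Compare a baseline scan with a post-patch rescan.

    Returns (resolved, still_open, new): findings that disappeared, findings
    that persist (the patch did not take), and findings that appeared only now.
    """
    before = {(f.asset, f.plugin_id): f for f in baseline}
    after = {(f.asset, f.plugin_id): f for f in rescan}
    resolved = [before[k] for k in before.keys() - after.keys()]
    still_open = [after[k] for k in before.keys() & after.keys()]
    new = [after[k] for k in after.keys() - before.keys()]
    return resolved, still_open, new


# Constructed sample data: one baseline scan and one rescan after patching.
BASELINE = [
    Finding("web-01", "P-1001", "Outdated TLS library", 9.8),
    Finding("web-01", "P-1002", "Directory listing enabled", 5.3),
    Finding("db-01", "P-2001", "Unpatched database service", 8.1),
    Finding("mail-01", "P-3001", "Self-signed certificate (internal only)", 4.0),
]
RESCAN = [
    Finding("web-01", "P-1002", "Directory listing enabled", 5.3),
    Finding("mail-01", "P-3001", "Self-signed certificate (internal only)", 4.0),
    Finding("db-01", "P-2002", "Weak cipher suite offered", 5.9),
]
# Accepted risk recorded by the customer: the internal self-signed certificate.
SUPPRESSED = {("mail-01", "P-3001")}


def report():
    """Run the workflow once and return a summary dict for inspection."""
    queue = triage(BASELINE, SUPPRESSED)
    resolved, still_open, new = verify_rescan(BASELINE, RESCAN)
    return {
        "patch_queue": [(f.asset, f.plugin_id, severity(f.score)) for f in queue],
        "resolved": sorted((f.asset, f.plugin_id) for f in resolved),
        "still_open": sorted((f.asset, f.plugin_id) for f in triage(still_open, SUPPRESSED)),
        "new": sorted((f.asset, f.plugin_id) for f in new),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The rescan comparison keys findings by (asset, check) rather than by title, so a renamed check description does not masquerade as a fix, and anything that survives the rescan is re-triaged against the suppression list so accepted risks do not reappear in the patch queue.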
What technology do you use to detect and eliminate threats?
We tend to use best-of-breed technologies from companies such as Fortinet, Cisco, Rapid7, and SentinelOne in order to ingest logs and wrap around our security offering through our own proprietary interface for the customer. This interface allows us to bring together all of the alerts from subscribed SilverSky services and gives them a single pane of glass to look at their current threats, identifies the highest degree of compromise that needs immediate attention, and enables the customer to easily determine what is needed to address the compromise.
Did you notice any new threats arise as a result of the current global events?
As has been noted by many others, there has been a direct increase in attacks from state-sponsored hacking groups that are focused on customers regardless of whether they are large companies or not.
What measures can companies implement to protect their operations from these new threats?
It’s important for companies to take a holistic look at their cyber risks and develop a security program to help protect their infrastructure. They need to make sure that someone is monitoring the security posture on a 24/7/365 basis, as these attacks often come from areas of the world that are awake when most of us are sleeping. Make sure the security program is up to date, have ongoing monitoring and vulnerability scanning, and make sure that all endpoints are protected through an EDR agent – any device that can send security logs to an MDR solution. Also, ensure that email is protected and that all employees have passed and are aware of potential social engineering and phishing-related threats. Someone needs to be consistently watching security logs and correlating them to indicators of compromise that are occurring. This helps raise awareness about compromises and allows time to correct them before any damage is done. It’s also important to point out that basic security fundamentals are still key – things such as ongoing employee training, password management, data backups, and system patching.
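The practice of watching security logs and correlating them against indicators of compromise, as an added Python example that is not SilverSky's code and uses no vendor log format. The key=value log lines, the indicator values (drawn from reserved test address ranges, the reserved .example TLD and an all-zero placeholder hash) and the priority scheme that lifts the most serious hit to the top are all constructed for illustration.

```python
"""Correlate security log lines against an indicator-of-compromise (IoC) list.

Added example only; the log lines, indicators and priority scheme below are
constructed and are not real threat intelligence or a vendor's format.
"""
import re
from collections import Counter

# Constructed IoC feed keyed by indicator type (placeholder values).
IOCS = {
    "ip": {"203.0.113.77", "198.51.100.9"},                    # TEST-NET ranges
    "domain": {"update-check.example", "cdn-mirror.example"},  # reserved TLD
    "sha256": {"0" * 63 + "1"},                                # placeholder hash
}

# How urgently each indicator type is surfaced (an assumption for this
# example): a known-bad file hash outranks a domain, which outranks an IP.
PRIORITY = {"sha256": 1, "domain": 2, "ip": 3}

# Matches key=value tokens; values may be quoted when they contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn 'ts=... host=... dst_ip=...' into a dict; surrounding quotes are stripped."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def correlate(lines, iocs=IOCS):
    """Return one alert per (line, indicator) hit, ordered by priority and then
    by original line order, so the worst item is first in the queue."""
    alerts = []
    for idx, line in enumerate(lines):
        fields = parse_line(line)
        for key, value in fields.items():
            for ioc_type, values in iocs.items():
                if value in values:
                    alerts.append({
                        "priority": PRIORITY[ioc_type],
                        "type": ioc_type,
                        "indicator": value,
                        "field": key,
                        "host": fields.get("host", "?"),
                        "line_no": idx + 1,
                    })
    return sorted(alerts, key=lambda a: (a["priority"], a["line_no"]))


def summarize(alerts):
    """Count hits per host so a reviewer sees which machines need attention first."""
    return Counter(a["host"] for a in alerts)


# Constructed sample log lines in a key=value style chosen for this example.
SAMPLE_LOGS = [
    "ts=2024-05-01T02:14:03Z host=ws-17 event=dns query=update-check.example",
    "ts=2024-05-01T02:14:05Z host=ws-17 event=conn dst_ip=203.0.113.77 dst_port=443",
    "ts=2024-05-01T02:15:11Z host=ws-04 event=conn dst_ip=192.0.2.10 dst_port=443",
    "ts=2024-05-01T02:16:40Z host=ws-17 event=exec path=/tmp/a.bin sha256=" + "0" * 63 + "1",
    "ts=2024-05-01T02:20:00Z host=srv-02 event=conn dst_ip=198.51.100.9 dst_port=8080",
]


if __name__ == "__main__":
    hits = correlate(SAMPLE_LOGS)
    for a in hits:
        print(f"P{a['priority']} {a['type']:7} {a['host']:7} line {a['line_no']}: "
              f"{a['field']}={a['indicator']}")
    print("hits per host:", dict(summarize(hits)))
```

Matching is done on every field value rather than on a fixed column, so the same indicator is caught whether it appears as a DNS query, a connection destination or a file hash; the per-host count then shows that three separate indicators cluster on one workstation, which is the kind of correlation a single alert cannot convey.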
Even though there are so many security options and providers out there, why do you think certain companies and private users still hesitate to upgrade their security?
We would say that three main criteria keep people away from upgrading their security:
- People feel like they cannot afford it but fail to consider the costs of getting breached or becoming a victim of a ransomware attack.
- They feel they are too small to be attacked. What they do not understand is that anyone is a candidate for attack because cybercriminals don’t limit their efforts to big-money targets.
- They fail to create a truly thought-out security program and instead tend to spend money on solutions and services without an overall picture of their true security posture.
Setting up a cybersecurity system can often be lengthy and complicated. What details do you think are often overlooked by organizations?
Thorough planning and having a good understanding of what your current security posture looks like is a basic foundational starting point that is often overlooked. Most customers just look to purchase point solutions and they disregard the amount of time it may take to install and manage them. In today’s environment, it takes multiple solutions to properly protect a customer’s environment and it takes a staff that supports them on a 24/7/365 basis.
Additionally, you must ensure you pay attention to the alerts generated from these point solutions to determine what is the most critical issue and how to fix it. Partnering with a company like SilverSky can consistently and cost-effectively address these needs.
Since you also specialize in email security, would you like to share some tips with us on how to maintain secure collaboration? What details should everyone be vigilant about?
When you are connecting to any third-party provider, whether it is purchasing services or collaboration, you must ensure that they have the proper level of security controls in place so that you are confident that their data is protected, which, in turn, protects your data. We see too many examples where attacks now come through trusted providers and the company failed to vet the provider on their security controls. Proper vetting includes asking specific questions, such as do they have a SOC2 II annual report, have they reviewed it, are they conducting background checks on their employees, do they have annual security awareness training, are they testing their employees against phishing attempts, and do they have regular third-party vulnerability scanning, etc.
And finally, what’s next for SilverSky?
SilverSky will continue to evolve its security offerings as the markets pivot to the XDR scenario. We will be enhancing our technology capabilities with deeper behavioral analytics and we will also offer a greater focus on additional remediation options. As we continue to grow in the United States, we expect to further expand our support into international markets. We will continue to enhance our own technology to make the process of identifying the critical alerts simple, affordable and accessible so that critical items can be handled to limit the damage from a compromise.