EXECUTIVE SUMMARY:
Rich Comber, CISSP, Head of Threat Prevention Engineering, Americas, built his first computer while in high school, back in the ’70s, and is a lifetime member of the National Eagle Scout Association. Rich has been in IT-related roles for the past 40 years. Joining Check Point in 1999, he started as an SE and advanced into several pre-sales tech positions. He was an original member of Check Point’s Emerging Product group, created in 2015. Today, Rich manages a team of security architects who focus on securing the remote workforce and data protection.
In this outstanding interview, Rich Comber discusses coronavirus-related cyber security challenges, how to improve threat prevention, insider risks and so much more. Get powerhouse insights that can help you unleash new possibilities and transform your infrastructure.
What kinds of coronavirus-related threats are you seeing right now?
As we start emerging from the stranglehold that the coronavirus has put all of us under, we are seeing scammers promoting the purchase of COVID-19 vaccinations online. In particular, they are targeting the elderly or folks who are afraid to leave their homes. Don’t let your family and friends fall for this. Use official state and local government web sites to understand if you are eligible and where to go to get your vaccination.
Are we beginning to see the emergence of a cyber pandemic?
Looking back on the global SolarWinds/Sunburst and Hafnium attacks on Exchange Servers, we are seeing examples where systems have been compromised and exploited for months before being discovered. These breaches used some of the most sophisticated techniques to spread and compromise targeted systems. Attackers are better organized and stealthier in their tactics than previously. I would say yes, we are seeing signs of several different cyber pandemics.
To achieve more advanced threat prevention, what steps should organizations take?
Plan, test, execute and adjust. Use a standard framework like NIST. Don’t rely on just firewall, IPS and AV. Advanced threats require additional security controls. Defense in depth deployed at multiple levels within the organization. Security controls should be set to prevent if possible. Ideally, information from each security control should be shared in a common SIEM for analysis. Don’t neglect employee security training.
Tell us about endpoint monitoring in a dispersed workforce?
Now that many of our employees are working from home, it’s important to provide security on any remote device that can communicate with corporate systems and data. Ideally, provide a zero-trust architecture where authentication is separate from data access. Harmony Connect provides a web-based front end for corporate application access that provides strict controls based on user identity. It supports popular IDP systems with SAML 2.0 and provides full visibility on who is accessing each internal system.
Protecting your endpoint and mobile devices is just as important. Harmony Endpoint and Mobile are designed to give the same or better security controls as users had while working in the corporate office.
Preventing accidental insider risks? (wrong link click…etc)
People can be the weakest link in your security. Harmony Endpoint, Browse and Mobile provide zero-day phishing protection, testing sites dynamically, providing feedback in seconds and blocking a user from accidentally entering credentials into a phishing site.
Data Loss Prevention is also built into Harmony Email and Office to prevent confidential data from being sent externally.
Where are CISOs, CIOs or CTOs often missing the details within the larger picture?
Assume you have already been breached. Do you have a complete mapping of your organization’s hardware, systems, applications and infrastructure? What you don’t know about can hurt you. Detection is good, prevention is better.
How can organizations continue to grow their IT workforce, despite a skills shortage?
Promote and sponsor your local college and university IT programs. Attend and sponsor local ISSA events. Managed services provided by a trusted partner can also fill an immediate need when there is a knowledge gap on your staff.
Anything else that you wish to share with the Cyber Talk audience?
Keep investing in your employees and their education. It will pay off in the long run.