
Cloud Control: Q&A with Lou Rabon on Defending Against Nation-State Attacks and Advanced Persistent Threats

June 11, 2024

Want weekly newsletters featuring interviews with security and cloud leaders delivered right to your inbox? Sign up for Cloud Control here.

Lou Rabon on Defending Against Nation-State Attacks and Advanced Persistent Threats

Hey Cloud Control Readers 👋

We're back after an exciting New York Tech Week! I'm thrilled to bring you a conversation with Lou Rabon, the Founder & CEO of Cyber Defense Group. Lou's got over 25 years in cybersecurity, and his insights are invaluable, especially when it comes to defending against sophisticated threats like nation-state attacks and advanced persistent threats (APTs).

In our chat, Lou dives into how Cyber Defense Group stays ahead of the curve by focusing on foundational security practices, proactive threat intelligence, and breaking down silos within organizations. He shares some eye-opening stories from his incident response experiences and offers practical advice on building a resilient cybersecurity strategy.

One of my favorite parts was hearing Lou talk about the importance of Privacy Engineering and how it combines technical cybersecurity with legal requirements, creating a holistic approach to data protection.

We also touched on the unique challenges of cloud security and how emerging technologies like AI and quantum encryption are shaping the future of cybersecurity.

Don't miss this chance to learn from one of the best in the field. Dive into the full interview below, and stay tuned for more insights from industry leaders.

Cheers,

Ian

Question 1 💭

Lou, it's great to have you on! With cyber threats evolving so quickly, what key challenges are you focusing on at Cyber Defense Group to stay ahead of sophisticated threats like nation-state attacks?

Answer 1 🎯

Thanks for having me! Threats are evolving quickly, so we keep an eye on discovered Tactics, Techniques and Procedures (TTPs) in the environments we are monitoring, as well as consuming information from DHS/CISA/FBI and various Information Sharing and Analysis Centers (ISACs). That being said, a majority of attack vectors relate to foundational security - basic hygiene such as access management and technical control configurations, which don't require advanced threat knowledge.


Question 2 💭

You've handled some pretty intense incident response situations. Can you share a particularly challenging incident you managed and what key takeaways others can learn from?

Answer 2 🎯

Yes, IR can be “fun”, especially as the lead, but it's also intense and all-consuming. One of the most challenging IRs I worked on involved multiple business units of a large organization, each with their own CISO and tech teams. They operated in silos, with different technology stacks and security tools. One of the first things we did was to ensure we had full visibility into their environment by unifying their tool stack and dashboard(s). This allowed us to gain situational awareness quickly and contain the threat so they could get back to business.

Some key takeaways: ensure you are regularly testing your IR plan across multiple domains (executive, technical, etc.), ensure you have a unified view of your environment (to the extent possible) and break down silos when it comes to security as much as possible.

Question 3 💭

You've got a lot of experience in both privacy and security. How do you see these fields intersecting more with increasing regulatory pressures?

Answer 3 🎯

Unfortunately, the regulatory environment for both cyber and privacy is a mess in the US right now. Cyber is under-regulated and privacy regulations have too many different rules (Global/Federal/State). Both are about data - knowing where your data is, how it's being used and how it's protected. So there's a big convergence with cyber and privacy since they are interrelated. Privacy Engineering is new, and it combines the technical aspects of cyber and DevOps/IT with the legal requirements of privacy - bringing these three distinct areas together in an exciting, new way.

Question 4 💭

Cybersecurity-as-a-Service (CSaaS) is a unique offering by Cyber Defense Group. How does this model differ from traditional approaches, and what advantages does it offer to mid-market businesses?

Answer 4 🎯

We work with many companies that have existing security teams, so what might traditionally be called a virtual Chief Information Security Officer, or “vCISO”, did not fit for larger organizations that have an existing CISO. Our offering is unique in that it's custom-tailored to the needs of the businesses we work with. For instance, we have one large retail client that just needed a Managed GRC function, so that's what CSaaS is for them. Another client needs us to run their Vulnerability Management Program. Clients that need a full security team to implement and manage their full cybersecurity program are getting CSaaS as well, but the market would call this vCISO. Although cybersecurity is complex, we have distilled it into 13 domains, like vulnerability management and incident response, which we can offer as a comprehensive program, or individually, based on the needs of each client. The advantage of CSaaS is that it can be tailored to whatever aspect of a cybersecurity program is needed, and mid-market businesses can get a seasoned cybersecurity leader and team, without the overhead of full-time resources.

Question 5 💭

Dealing with Advanced Persistent Threats (APTs) is tough. What are the most critical components of a solid APT defense strategy in your experience?

Answer 5 🎯

Catching and containing the initial compromise early is the best way to prevent an APT. Having a mature cybersecurity program with repeatable processes and conducting regular reviews is essential as well. Finally, having proper visibility into your environment, and understanding anomalous behavior, can ensure that anything that might get past your initial defenses will be detected before the attackers can gain a foothold and take action on their objectives.

Attacks are getting more sophisticated and “hiding in plain sight” (i.e. using legitimate services and protocols), so organizations that are likely to be targeted for APTs need to have a very in-depth understanding of their environment and use proactive defense techniques such as decoys and continuous threat hunting.
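
One concrete form the “hiding in plain sight” and “understanding anomalous behavior” points take is beacon detection: command-and-control traffic tunnelled over a trusted cloud service passes any domain allowlist, but an automated implant tends to call home on a near-fixed schedule, while a person using the same service is bursty. The script below is an added example for this newsletter, not code from Cyber Defense Group or any of its clients. It scores the regularity of inter-request gaps per client/host pair over a small proxy log that is constructed for the example; the log format, the hosts and the thresholds are all assumptions.

```python
"""Added example: flagging beaconing to a legitimate service in proxy logs.

A low coefficient of variation (stdev / mean) of the gaps between a client's
requests to one host is a hint of machine-driven timing, which is the kind of
anomaly a threat hunter wants surfaced even when the destination is trusted.
The log lines below are constructed for the example, not real traffic.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: <timestamp> <client> <method> <host> <status> <bytes>
SAMPLE_PROXY_LOG = """\
2024-06-03T09:00:00Z 10.1.4.22 GET files.example-cloud.net 200 512
2024-06-03T09:05:01Z 10.1.4.22 GET files.example-cloud.net 200 510
2024-06-03T09:10:00Z 10.1.4.22 GET files.example-cloud.net 200 514
2024-06-03T09:14:59Z 10.1.4.22 GET files.example-cloud.net 200 509
2024-06-03T09:20:01Z 10.1.4.22 GET files.example-cloud.net 200 511
2024-06-03T09:25:00Z 10.1.4.22 GET files.example-cloud.net 200 513
2024-06-03T09:00:12Z 10.1.4.31 GET files.example-cloud.net 200 40211
2024-06-03T09:00:14Z 10.1.4.31 GET files.example-cloud.net 200 1820
2024-06-03T09:00:15Z 10.1.4.31 GET files.example-cloud.net 200 93300
2024-06-03T09:41:50Z 10.1.4.31 GET files.example-cloud.net 200 2210
2024-06-03T11:07:03Z 10.1.4.31 GET files.example-cloud.net 200 4411
2024-06-03T11:07:05Z 10.1.4.31 GET files.example-cloud.net 200 120
"""


def parse_proxy_log(text):
    """Yield (timestamp, client, host) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, _status, _size = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, host


def beacon_scores(text, min_requests=5):
    """Return {(client, host): (request_count, mean_gap_seconds, cv)}.

    cv near 0 means the gaps are almost identical (machine-like); human
    browsing produces a cv well above 1. Pairs with too few requests to judge
    are skipped so a single burst cannot trigger a finding.
    """
    seen = defaultdict(list)
    for ts, client, host in parse_proxy_log(text):
        seen[(client, host)].append(ts)

    scores = {}
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        scores[key] = (len(stamps), avg, cv)
    return scores


def likely_beacons(text, max_cv=0.1, min_requests=5):
    """Client/host pairs whose timing is regular enough to hand to a hunter."""
    scores = beacon_scores(text, min_requests)
    return sorted(key for key, (_n, _avg, cv) in scores.items() if cv <= max_cv)


if __name__ == "__main__":
    for (client, host), (n, avg, cv) in beacon_scores(SAMPLE_PROXY_LOG).items():
        verdict = "BEACON?" if cv <= 0.1 else "ok"
        print(f"{client} -> {host}: {n} requests, mean gap {avg:.0f}s, cv {cv:.3f} {verdict}")
```

On the sample, 10.1.4.22 polls the file service every 300 seconds with about a second of jitter (cv around 0.004) and is flagged, while 10.1.4.31 hits the same host in two short bursts over two hours and is not. In production the threshold needs tuning against legitimate schedulers (update checks, monitoring agents), which is exactly why this belongs in a hunting queue rather than an auto-block rule.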

Question 6 💭

You've seen many companies struggle with cybersecurity maturity. What are the most common pitfalls you notice, and how do you help organizations overcome them?

Answer 6 🎯

The biggest issue we see is either underinvestment into cybersecurity or overconfidence in technology alone. That means many companies are either not investing enough, asking one or two people to do the work of an entire team, which has a number of issues such as expecting them to cover strategy and governance, operations, security architecture, third party risk management, compliance, and incident response. That's a lot for 1-2 people.

The other issue, overconfidence in technology, means that companies tend to invest most of their cyber budget into technology, such as endpoint, SIEM, etc., without a clear strategy or understanding of what the major risks are. Cybersecurity consists of people, process and technology, and most organizations are just concentrating on the technology part, which is what gets them into trouble. To solve this, we conduct Security and Risk Assessments for organizations to help them understand where they are as a first step. This helps benchmark their cybersecurity program. We also provide a roadmap as part of this exercise, so they can align business objectives with their risk appetite, and ensure they are not wasting money on things that may not have as much of an impact as they think.

Question 7 💭

With your global experience, how do you tackle the unique cybersecurity challenges different regions face? Can you share an example where regional considerations significantly impacted your strategy?

Answer 7 🎯

Most regions these days are under constant attack. Although geopolitical conflict can make it more likely that you are getting targeted with attacks (think Ukraine and the Middle East), the world is essentially equal these days when it comes to getting attacked.

Question 8 💭

Cloud technologies are everywhere now. What are the top security concerns you encounter with cloud-focused businesses, and how do you address them?

Answer 8 🎯

Cloud-native or cloud-focused businesses usually have a DevOps function, which means they're pushing code, so securing their SDLC is a big concern. Also, if a company hasn't started in the cloud but they are migrating to it from a legacy, on-premise environment, then there are misconceptions, especially about security, that need to be addressed. For instance, an IT person that has been managing on-prem infrastructure for a decade is going to need some training when it comes to cloud networking and access control configurations. Understanding what is where in the cloud environment, and properly segmenting access and data, is a big concern as well.
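
The access-control point above is where the on-prem “admin box” habit most often shows up in a migration: one identity policy that allows every action on every resource. Below is an added example, written for this newsletter and not code from Cyber Defense Group or any client, that walks an AWS-format IAM policy and reports the Allow statements that grant far more than a single role needs. The policy document is constructed for the example; the statement names and resource ARNs are assumptions, and the checks are generic least-privilege rules rather than any product's ruleset.

```python
"""Added example: a least-privilege lint for IAM-style policy documents.

Flags Allow statements with a bare '*' action, a service-wide 'svc:*' action,
an all-resources wildcard, or NotAction/NotResource constructs (which invert
the allow-list and are easy to misread). Deny statements never widen access
and are skipped. The policy below is constructed for the example.
"""
import json

# Constructed sample policy; the Sids and ARNs are illustrative assumptions.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {   # migrated 'admin box' habit: everything on everything
            "Sid": "LegacyOps",
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*",
        },
        {   # service-wide wildcard across every bucket in the account
            "Sid": "BackupJob",
            "Effect": "Allow",
            "Action": ["s3:*"],
            "Resource": "arn:aws:s3:::*",
        },
        {   # scoped correctly: named actions on one bucket and its objects
            "Sid": "AppReads",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::app-data-prod", "arn:aws:s3:::app-data-prod/*"],
        },
        {   # an explicit Deny only narrows access; it is not a finding
            "Sid": "NoDeleteProd",
            "Effect": "Deny",
            "Action": "s3:DeleteObject",
            "Resource": "arn:aws:s3:::app-data-prod/*",
        },
    ],
})


def _as_list(value):
    """IAM allows a field to be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy_json):
    """Return a list of (Sid, finding) pairs for over-broad Allow statements."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "*" in actions:
            findings.append((sid, "Action '*' grants every API call"))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((sid, f"service-wide wildcard action {action}"))
        # 'arn:...:::*' and a bare '*' both span every resource of that type;
        # a trailing '/*' under a named bucket or path is a normal object scope.
        if any(r == "*" or r.endswith(":*") for r in resources):
            findings.append((sid, "Resource wildcard spans all resources"))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource inverts the allow-list"))
    return findings


def is_least_privilege(policy_json):
    """True when no Allow statement trips any of the checks above."""
    return not lint_policy(policy_json)


if __name__ == "__main__":
    for sid, finding in lint_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

On the sample this reports two findings each for LegacyOps and BackupJob and nothing for AppReads, which is the shape a migrated role should end up in: named actions on named resources. The same walk works for resource-based policies if you also flag a `"Principal": "*"` without a limiting Condition, which is the cross-account analogue of the problem.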

Question 9 💭

Cyber Defense Group has grown rapidly and been recognized for it. What strategies have been crucial to scaling your cybersecurity services while keeping high standards of security and customer satisfaction?

Answer 9 🎯

This has definitely been a challenge, and we're still learning! We are attempting to automate parts of our internal processes, such as client onboarding, which allows for a more predictable and smoother experience for our clients, and allows us to scale as we grow. Our goal is to treat our services like a product, which can be challenging when one of our other value propositions is custom-tailored services. Ultimately, the thing that has enabled us to scale with high standards is our people: we have some of the most talented resources in the industry. Finding the right people has been a challenge, but we've determined that the best fit for an employee at Cyber Defense Group is someone with an entrepreneurial mindset - someone that can wear multiple hats, doesn't need too much hand holding, and can get stuff done. Our current team is what has led to our success.

Question 10 💭

Looking ahead, what emerging trends or technologies do you think will have the biggest impact on cybersecurity? How is Cyber Defense Group preparing to integrate these advancements into its services?

Answer 10 🎯

There are two big things happening now that will affect cybersecurity: AI and post-quantum encryption. AI is overhyped at the moment, but when you think of an expert, automated system that can find vulnerabilities 24x7 - that's a scary proposition for anyone, and our best defense against this is ensuring that our clients are continuously improving their defenses and minimizing their attack surface. AI is also great at social engineering, so awareness and training is becoming even more important.

As for post-quantum, we are at a point where certain entities, namely nation states, are storing petabytes of encrypted data so they can decrypt it once quantum computers become useful enough to do this on a regular basis. That's why it's important to start using quantum-resistant encryption as soon as possible. There are a number of solutions out there and we are advising our clients to start thinking about this and how to pivot from current encryption algorithms to the new quantum-safe ones.

Latest AWS and Azure Updates You Don't Want to Miss

  1. AWS Systems Manager Parameter Store now supports cross-account sharing
  2. Generate AWS CloudFormation templates and AWS CDK apps for existing AWS resources in minutes
  3. AWS free tier now includes 750 hours of free public IPv4 addresses, as charges for public IPv4 begin
  4. Azure Red Hat OpenShift April 2024 updates
  5. General availability: Extensible key management using Azure Key Vault for SQL Server on Linux

Top Articles and Resources of the Week

Articles

  1. Microsoft rolls back ‘dumbest cybersecurity move in a decade’
  2. 16 DevSecOps trends shaping the future of software and cybersecurity
  3. A cloud-storage company is using AI to save employees weeks of cybersecurity-threat work
  4. Fortinet grabs cloud security player Lacework
  5. Microsoft revamps controversial AI-powered recall feature amid privacy concerns

Resources

  1. Federal Cyber Defense Skilling Academy: CISA's Cyber Defense Skilling Academy provides federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program.
  2. The Workforce Framework for Cybersecurity (NICE Framework): Learn more about the NICE Framework Categories, Work Roles, Competencies, and Task, Knowledge, and Skill (TKS) statements as well as the relationships between those elements in this downloadable PDF.
  3. Workforce Management Guidebook - Cybersecurity is Everyone's Job: A publication that talks about cybersecurity from every business function and aspect of an organization's operation. It is written for a general audience who may not be knowledgeable about cybersecurity and can be read as a complete guide or by each business function as standalone guides.
  4. 7 Popular Cloud Security Certifications for 2024: This article provides a comprehensive overview of the top cloud security certifications for 2024, essential for professionals seeking to enhance their skills and career prospects in the rapidly evolving cloud security landscape.
  5. Cybrary.it: A platform for cybersecurity professionals at all levels, featuring free courses, certification training, and hands-on virtual labs designed to prepare users for the latest threats and vulnerabilities, making it a valuable resource for anyone looking to start or advance their cybersecurity career.