The Sony Pictures hack of 2014 was a moment of awakening for every major corporation that stores data.
So, all of them.
Over the course of as long as a year, thousands of documents and emails were stolen from Sony’s servers by a hacker group calling themselves “Guardians of Peace.” Then, on November 24, 2014, Sony employee salaries, private emails and unreleased films were made public.
Suddenly, an entire company’s once-private information was available for all to see.
Before this breach occurred, cybersecurity vendors focused on threats like intellectual property theft. The idea of a multi-billion dollar corporation falling victim to a cyberattack wasn’t top of mind, according to Cathy Main, vice president of marketing and corporate relations at NSS Labs.
Today, cybersecurity has to accomplish much more as it keeps up with the ever-evolving strategies of hackers, which can include common tactics like phishing schemes or more complex methods such as SQL injections or malware attacks.
And, there’s no shortage of companies trying to protect all corners of the internet.
In 2019, the cybersecurity industry — made up of more than 1,200 vendors — had an estimated valuation of $120 billion, which is expected to rise to $300 billion by 2024. That crowded field doesn’t make it any easier for companies to decide which cybersecurity system is best for their organization — to the inexperienced, telling the difference between one and another can be quite difficult.
By conducting research on cybersecurity products and testing their strengths and weaknesses, NSS Labs is able to produce comprehensive reports that organizations can use to navigate the complicated cybersecurity space.
To gain a picture of the entire process, members of NSS Labs’ research, DevOps and marketing teams walked us through how they’re protecting against cyberattacks.
Leaving no (cyber) stone unturned
The world of cybersecurity moves at lightspeed. On one side of the spectrum, there’s a network full of hackers with their own respective motivations trying to find new ways to break into servers and databases. On the other, there are cybersecurity professionals working to anticipate where any gaps may exist and quickly trying to fill them before they can be exploited.
NSS Labs Security Researcher Kevin Valle is tasked with staying up to date with the latest trends in cybersecurity so that any looming threats can be handled as they appear. In part, this means that he gets to take a close look at existing products, push them to their limits and see what breaks.
Kevin's primary responsibility is conducting research into new attack techniques that the testing team can implement.
What role does your team play in NSS Labs’ testing process?
I am currently leading my team in our support of the upcoming Breach Prevention Systems test. This involves becoming familiar with the simulated lab environment created by our engineering team and enumerating which exploits and attack techniques are applicable to the environment. My team works together to gather and create samples for the testing team, which allows us to cross-train and reduces the stress of deadlines. We work really well together, complementing each other’s strengths. My teammates are like family to me — and one of them happens to be my younger brother and is literally family.
As someone on the front lines of cybersecurity trends, what are the most common threats your customers are facing?
Customers are growing more concerned about cloud security, which makes sense considering that more and more applications are being migrated to the cloud. AWS, Azure and GCP have become “must-haves” for reliable, scalable web applications and services. With software developers exploring new design patterns, such as serverless architectures and the increasing popularity of containerized deployments, it is important that security vendors keep up to date and can offer protection.
Where do you see the industry of cybersecurity going in the next several years? Where does NSS Labs fit within that shift?
I see the cybersecurity industry becoming more accepting of newer, less experienced individuals. Access to learning materials and courses is only getting easier. When I was in college, there were only a few cybersecurity courses in the computer science program and they were beyond difficult to enroll in due to popularity and lack of professors. Now, there are increased class sizes and dedicated certificate programs.
NSS Labs was willing to take a chance on me as a computer science graduate and train me as I went along. Years later, I see the amazing work done by coworkers my age with similar backgrounds. NSS Labs was able to embrace us for our potential and, as long as I am here, I will be sure this continues into the future.
Constructing a controlled environment
In order for NSS Labs to conduct testing, it needs to produce highly advanced platforms to support work in a safe and controlled environment. That job comes down to the DevOps team, which is managed by Manager of DevOps David Casteel.
“If you think of it like a restaurant, my team members are the ones who design and construct the actual restaurant building,” Casteel said. “The walls, the dining room, the chairs, etc. Everything from making sure the gas lines get to the burners, finding a place for sharpening knives, and constructing safe and efficient corridors for the food-runners, fire exits, etc. But we do not provide the food, meal prep or actual services.”
David manages a team of engineers who are responsible for building out the platforms that are used for security testing.
What’s the process behind how your team builds the architecture to test products?
We use an Agile methodology, which drives requirements gathering, scope, timelines and execution. To fall back on my restaurant analogy, it is not uncommon that we get a request for a new restaurant. Sometimes that is the only information we are given — to “build a restaurant.” We then go back and continue to ask the relevant questions about what our customer really wants. What kind of food? Is this fast food, bistro, taco-truck, or a fancy dress place?
One of the other things that I have learned to ask is whether or not this is a franchise or a single instance of a restaurant. This is important because you will build a burger chain differently than you would a boutique burger restaurant. We try to make sure that whatever we build we can rebuild quickly.
How do you go about actually testing the cybersecurity software NSS Labs is reviewing?
Since we are a lab, we maintain a library of malicious software and we go to great lengths to keep it fresh and current. To do this, we deploy several thousand clean machines whose entire purpose is to go into the world and become infected. Once infected, we need to quarantine the machines and their particular infection. As you can imagine, there is a large amount of risk in this process.
These threat samples need to be stored, transported and detonated regularly. It takes the combined brainpower of my team, the engineering team, the test teams and our offensive research team to handle everything safely and to make sure the threat samples behave in an appropriate manner.
What are some of the biggest cybersecurity challenges your clients face?
Cybersecurity will always be a problem and the need for it will never go away. The biggest threat is often a lack of relevant information and knowledge. As long as companies fail to recognize this and put in products that are not equipped to defend against modern threats, or purchase products because a former colleague said it was good, they will be at risk. The need is growing and changing, so the need for relevant data is growing. The problem is that this information is not cheap nor easy to come by.
Responding to a rising demand
The need for cybersecurity has steadily grown. Cyberattacks accounted for an estimated $2 trillion in losses in 2019, according to Juniper Research, and that figure is expected to triple to $6 trillion by 2021. With this increase in demand comes a surge of cybersecurity offerings that all claim to do different things, making it difficult for companies to tell them apart.
Essentially, the challenge is distinguishing the good from the not-so-good. NSS Labs regularly tests these systems, good and not-so-good alike, and records its findings, which are later shared with its partners.
Cathy Main is largely responsible for showcasing the value NSS Labs’ reports bring to companies looking to bolster their cybersecurity efforts. Part of this often entails updating companies’ ideas of what the cybersecurity landscape really looks like today.
Cathy’s role makes her responsible for managing NSS Labs’ brand awareness and corporate messaging along with building strategic client relationships.
What is the importance of cybersecurity in today’s world? Since you started with NSS Labs more than seven years ago, how has the industry changed?
Cybersecurity impacts everyone today, and we are becoming more digitally dependent every year. Seven years ago, the Target and Sony hacks hadn’t yet occurred. We were worried about intellectual property theft. Now, ransomware attacks can hit a global organization, crippling it in 15 minutes. Losses are in the millions or more. And even with all the security alerts, organizations are still struggling to keep up because technology is changing so quickly.
Combine that with an estimated 40 billion devices to be connected to the internet this year — think Smart TVs, multiple devices per person, your car and talking refrigerators. Increasing connectivity to the internet is directly related to the range of cyber vulnerabilities that organizations face. People ask, “What keeps you up at night?” For those of us who work in cybersecurity, the answer is quite a bit.
How do NSS Labs’ customers benefit from the reports NSS Labs creates?
We recently renewed a client subscription for a third year around our custom testing services. The conversation began with their need to protect a highly sensitive network. They wanted to be sure their security products were performing with optimum coverage, and by providing them access to our 24/7 test results of three technology products, they were able to pull reports daily to check each product’s performance.