Ingalls Information Security: Before They Become Data Security Breaches
Jason Ingalls, Founder and CEOWhat are the key cybersecurity challenges faced by enterprises today?
The three primary challenges that companies face are lack of expert personnel, enormous amounts of data that must be reviewed for indications of intrusion or successful cyberattacks, and poor implementation and management of cybersecurity technology. All three of these factors prevent companies and organizations from being resilient to cyberattacks. I’ll briefly explain each of them.
Acute shortage of talented and experienced workforce has become a great concern for companies recognize the need for a skilled cybersecurity team. Today there are over 365,000 open cybersecurity jobs in the United States alone. It is estimated that there will be over six million total cybersecurity jobs worldwide by 2019, so the industry is growing faster than the talent pool can catch up. This creates enormous challenges for companies who must compete for talent that is in short supply.
The exponential growth of cybersecurity data is the next big challenge. As computer networks grow in size and complexity, organizations today have an uphill task of reviewing huge volumes of data to identify suspicious activity and correlate the evidence necessary to address cyberattacks. This problem goes hand in hand with the shortage of talent; there aren’t enough people and there is too much data.
Finally, many companies have invested a significant amount of capital into cybersecurity tools that are designed to defeat known adversaries, however they are unable to see return on their investment because the tools are improperly configured, poorly managed, and not used because of lack of talent.
These three issues facing companies today are the major reasons why companies aren’t able to control their cybersecurity risk and suffer data security breaches.
What is the strategy followed by Ingalls to protect the data and the information systems of its clients?
We practice a defense-in-depth strategy by implementing controls at different layers in the organization, properly managing those controls, and providing expert analysis for cybersecurity tool output.
“Three major cybersecurity challenges that companies face today are lack of expert personnel, an enormous amount of data, and poor implementation and management of cybersecurity risk controls.”
For example, we provide email helpdesk support so that any employee at our clients’ organization can forward suspicious emails to our Security Operations Center and get a response as to whether or not the email is in fact malicious; this allows the employee to do their job and let our experts identify whether or not an email is safe. We let the employee know what we’ve found and they can take the appropriate action, whether it is to delete the email or respond to it accordingly.
The email helpdesk feature is just one of a number of security controls that are implemented in our Managed Detection and Response (MDR) solution. Our goal with MDR is to identify intrusions or cyberattacks, map them to understand all of various elements of the attack chain, and work with our clients to get these issues resolved before the intrusion creates impact to our client. MDR relies on a suite of tools that collect data that is reviewed by analysts, who look for suspicious activity that is indicative of a cyberattack. The MDR toolset includes intrusion detection, endpoint prevention, and active directory deception technology, all of which help to inform our analysts about any event they feel the need to investigate. This gives us the knowledge to craft a remediation plan for the client, so that the attack is addressed in the fastest possible time and with the least amount of impact to our client.
Our experience and knowledge about cyberattacks is due to our long-standing service as breach responders. We are called in to very large, high-profile breaches, and the knowledge we gain by solving these very complex problems allow us the translate this experience into solutions that can prevent impact by finding intrusions and stopping them before they get worse.
What are the various services offered by Ingalls to secure the business environment?
At Ingalls, our services are designed to provide cyber resiliency for our clients. Resiliency is defined as the ability to survive and recover from an attack within a defined set of objectives, such as the amount of time it takes, and the level of services that must be restored.
Resiliency is a very important concept for the design of security controls, and we classify our services in two broad categories that reflect our commitment to resiliency; reactive and proactive. Reactive services are basically Incident Response services and are designed to understand our client’s environment as fast as possible, develop a plan of action to get our clients back to a normal operating state as quickly as possible, and to document and collect evidence necessary for processing insurance claims and prosecuting the attackers.
Our preventative services are designed to identify risk within our clients’ environments and develop compensating controls to mitigate these risks. We have consultants who perform risk assessments, penetration testers who break into some of the most secure organizations in the world, and cybersecurity analysts who spot advanced attacks in time to stop them before they create impact for our clients.
Could you give us a case study highlighting how clients benefit from your services?
One of our clients provides constituency management software that allows high-profile, elected members of government to contact and communicate with their constituency. In 2013, a data breach exposed the personal information of several high-profile customers of our client. They chose to engage Ingalls to identify, contain, and remediate the security breach.In addition to successfully resolving the breach, our consultants were able to perform risk assessments and work with our client to demonstrate they were in compliance with their contractual obligations for information security, and we have continued to support them as they have successfully provided service without a breach since we were called in.
