DETECTION AND RESPONSE

On October 22, 2024, Pointury hosted an insightful roundtable about cyber security with keynote speaker Johan Kestens, former CISO at BNY Mellon.

Supporting NIS2 with Detection and Response: Insights from the Pointury Roundtable

On October 22, 2024, Pointury hosted an engaging roundtable focused on cybersecurity, featuring Johan Kestens, former CISO of BNY Mellon, as the keynote speaker. The event was attended by 16 CIOs and CISOs and representatives from HarfangLab and Gatewatcher, who gathered at Restaurant Controverse in Aalst for a lively discussion on the significance of integrating Endpoint Detection and Response (EDR) and Network Detection and Response (NDR). This discussion highlighted the evolving cyber threat landscape, industry trends, and the importance of staying ahead of regulatory changes such as NIS2 and DORA.

1. The Threat Landscape: A Rapidly Evolving Battleground
Kestens kicked off the event by painting a vivid picture of the modern threat landscape, emphasizing that 90% of cyber threats enter through endpoints or networks. He noted that patching 99% of endpoints within 24 hours is a near-impossible task for most organizations, yet hackers only need to exploit one weak point to infiltrate systems. The need for more sophisticated detection techniques has grown over time. He explained how the evolution of cybersecurity has transitioned from antivirus software to behavior monitoring, and now to anomaly spotting, a technique that owes its origins to astronomers at the University of Berkeley.

Kestens highlighted major vulnerabilities in tools such as Citrix, underscoring the importance of vigilance. He also drew attention to the international scale of cybersecurity efforts, referencing Japan’s national cybersecurity center, which employs 27,000 people, and Microsoft's cybersecurity division, which employs 26,000.

2. Cyber Operations: The Role of AI in Defense
The potential for AI in cyber defence was a major talking point. Kestens invoked the principles of warfare, noting that attackers generally require three times more resources than defenders. However, he questioned the long-term effectiveness of AI-based defenses, raising concerns about whether AI will primarily learn from simple, repetitive attacks and fail to adapt to more complex threats.

The opportunity to harness AI for cyber operations is vast, but it comes with challenges. How well can AI adapt to a continually evolving threat landscape? This is a question that looms large as more organizations integrate AI into their cybersecurity strategies.

3. The Cyber Industry: A Tool Overload?
Kestens pointed out that SIEM, EDR, and NDR solutions complement each other in the fight against cyber threats. However, he also acknowledged a growing problem in the industry: tool overload. Large organisations, particularly major banks and multinational corporations, often purchase a vast array of cybersecurity tools, which can lead to “shelfware”—software that is bought but never fully utilised.

This inefficiency is driving a consolidation trend within the cybersecurity industry, where more software solutions are being offered by a smaller number of vendors, and customers are narrowing down their list of suppliers. Kestens predicted that this consolidation will continue, as organizations seek more streamlined, integrated solutions.

4. Navigating Regulations: NIS2 and DORA
Another critical point of discussion was the growing importance of cybersecurity regulations, particularly NIS2 and DORA. As Kestens noted, the regulatory landscape is becoming more stringent, and organizations will need to be prepared for regular audits and cybersecurity drills. These regulations are not just bureaucratic hoops to jump through—they represent the cost of living in a digital world.

With NIS2 emphasizing a unified approach to cybersecurity across the EU, there is a growing need for businesses to invest in both detection and response capabilities, ensuring they remain compliant and resilient against attacks. Consultants and auditors will play an increasing role in helping organizations navigate this complex regulatory environment.

5. Geopolitics and Cybersecurity: The Talent Challenge
In his closing remarks, Kestens touched on the geopolitical context of cybersecurity. He likened Odessa to San Francisco in terms of its importance to the cyber world and described Haifa as Microsoft’s cybersecurity headquarters. However, one of the most pressing challenges for the industry, regardless of geography, is access to cyber talent. The shortage of skilled cybersecurity professionals remains a significant bottleneck for many organizations, further complicating efforts to keep up with the growing complexity of cyber threats.

6. The Importance of Integrated EDR and NDR
Throughout the roundtable, the recurring theme was the need for a holistic approach to cybersecurity, particularly through the integration of EDR and NDR. Both technologies provide complementary layers of defense. EDR focuses on detecting threats at the endpoint level, while NDR scans the network for abnormal behaviors and traffic patterns that could indicate an attack. Together, they offer a more complete view of an organisation’s security posture, improving both detection and response times.

With regulatory pressures from NIS2, organisations cannot afford to overlook the importance of investing in these technologies. An integrated approach ensures that threats are caught before they can cause significant harm, enabling organizations to stay one step ahead of attackers.

Conclusion
As cyber threats continue to grow in sophistication and frequency, the insights from Pointury's roundtable reinforce the importance of adopting a proactive, integrated approach to detection and response. With industry leaders like Johan Kestens highlighting key challenges and opportunities, it’s clear that success in cybersecurity requires both cutting-edge technology and a deep understanding of the evolving landscape. The combination of EDR, NDR, and compliance with regulations like NIS2 and DORA is crucial for staying secure in a digital-first world.

For more details on future events and insights, visit www.pointury.com.

A leader in the detection of cyber threats, Gatewatcher has been protecting critical networks of companies and public institutions worldwide since 2015. Our Network Detection and Response (NDR) and Cyber Threat Intelligence (CTI) solutions analyse vulnerabilities and quickly detect and respond to cyber-attacks.

Thanks to AI converging with dynamic analysis techniques, Gatewatcher delivers a real-time 360-degree view of threats, covering both cloud and on-premise infrastructures.

HarfangLab is a French cybersecurity company that publishes EDR (Endpoint Detection and Response) software, a technology that anticipates and neutralises cyberattacks on computers and servers. HarfangLab today has over 400 customers, including government agencies, businesses and international organisations operating in highly sensitive sectors.

HarfangLab's EDR stands out for: the openness of its solution, which integrates natively with all other security bricks; its transparency, as the data collected by the EDR remains accessible; and the digital independence it offers, as customers are free to choose their hosting mode: public or private cloud, or their own infrastructure.

Check out upcoming events and other interesting articles on www.pointury.com.
