Optimising Cyber Security for the New Age of Complexity

Bitdefender advocates an MDR strategy for constant, around-the-clock monitoring with expert analysis and proactive threat hunting.

Managing cyber security in organisations has become more complicated than ever. Technology infrastructure is more complex with the disappearance of the perimeter and hybrid cloud approaches.

In turn, remote working, the need to bring in external partners, and even the need to manage consistent security policies across different divisions or acquired companies make it even more difficult to maintain a high level of security with the limitations of personnel and resources that the market imposes.

In addition, threats continue to increase and grow in intelligence and sophistication: attacks that might have been considered targeted a few years ago are now easy to deploy and affordable for cybercriminals. Added to this are regulatory pressures and business pressures, which require ever greater agility.

Constant monitoring

In this context, one of the challenges faced by CISOs is gaining complete visibility of all resources (cloud, on-premises, storage, mobile devices) and being able to process and correlate the data ingested into the SIEM to detect incidents and correctly analyse the security posture.

This requires optimising incident response processes with the support of MDR services, taking advantage of threat intelligence and automating security tasks to improve the effectiveness of cybersecurity teams.

The meeting organised by Silicon Spain together with Bitdefender was attended by Sofía Dilaverakis, Director of Information Security Program Management at Fluidra; Carlos Caballero, Threat Hunting at BBVA; Max Moreno, CISO at Grupo Viajes El Corte Inglés; Jesús Chico, CISO at Allianz Technology; Sergio Tagua, expert in Operational Efficiency and Automation Technologies; and David Carrasco, CISO at SanLucar Company.

As Raúl Benito, Territory Account Manager at Bitdefender, explained: “EDR solutions are already mature, but we need to evolve towards an MDR strategy that provides constant, round-the-clock monitoring with expert analysis and a proactive search for threats. Because companies don’t have the resources for this monitoring capability and it is becoming more and more important.”

At the start of the meeting, led by Daniel de Blas, head of Branded Content at NetMedia, he complemented this by describing solutions such as GravityZone CSPM+, which “allows you to obtain visibility of your identities and your cloud configuration in order to focus your efforts in terms of regulatory compliance”.

If anything was clear from this starting point, it is that the traditional approach does not work and, added Nuria Gálvez, Senior Field Sales Engineer at Bitdefender, that the company can be the perfect ally, as “we are currently the largest threat intelligence network globally”.

Reducing impact and response time

“Our solutions not only allow us to monitor and manage threats; they make the impact of an incident as small as possible, shortening the response time,” said Nuria Gálvez.

Thus, the lack of visibility immediately appeared as one of the main challenges faced by companies today, especially in multi-cloud environments such as BBVA’s. “We, by regulation and for security reasons, don’t use our solutions to monitor and manage threats. We can’t take everything to the cloud because of regulations and security, so we have a scenario of multi-infrastructures and different clouds that make it very difficult to know what is happening at all times throughout the network,” explained Carlos Caballero, Threat Hunting at BBVA.

The situation is very similar at Fluidra, with the added factor that more and more IoT devices are in operation, commented Sofía Dilaverakis, the company’s Director of Information Security Program Management. “We are currently initiating our cloud strategy and we are very concerned about the lack of visibility,” she said.

She also raised another element: the arrival of artificial intelligence, which is posing a new challenge for companies, especially in the case of generative AI.

In Fluidra’s case, she pointed out, “we have bought licences so that they can use generative AI but with our control, in a secure environment in which corporate data does not go outside”.

AI: blocking is not the solution

“Blocking is not the solution and in our case what we are doing is providing users with more information, warning them of the risks they run when using a tool of this type at work,” said Carlos Caballero, Threat Hunting at BBVA, on this issue.

Different clouds and infrastructures are not the only obstacle when it comes to cybersecurity; so are different headquarters in different countries. This is the case for David Carrasco, CISO of SanLucar Company: “We have offices in 8 different countries and the cultural differences are also evident in what we each understand by cybersecurity. Therefore, my main concern is the lack of visibility of what is happening in the other offices”.

As for the arrival of AI, David Carrasco shared how it helps them in processes such as unifying the information they receive from different suppliers and introducing it into the system, and acknowledged that “to address its correct use, our strategy is also based on raising user awareness”.

Jesús Chico, CISO at Allianz Technology, reflected on the importance of having a robust system for managing vulnerabilities, “even zero-day ones”.

In his day-to-day work, global visibility is also his biggest headache. “Every day we are more and more connected to the network and it is not easy to know what is happening at all times at each point,” he said, and, of course, he was in favour of automation as a way to facilitate this task.

Sergio Tagua, an expert in automation, pointed out that “in cybersecurity there is a lot to automate”, and he even explained that these practices are very useful for “carrying out simulations of attacks against the company itself, always in a controlled manner”.

The user at the centre

Max Moreno, CISO of Grupo Viajes El Corte Inglés, said the user is always at the centre of any cybersecurity tool or policy.

“Sometimes they have been doing things in a certain way for years and you have to take into account their resistance to change and know how to manage it,” he said, while pointing out that users are always the weakest link. “Most attacks come through a user, which is why it is increasingly strategic, even as a country, to focus on training from school, to raise awareness of the importance of cybersecurity”.

The event made it clear that maintaining maximum security continues to be one of the main challenges for any company, a task that is becoming more complex every day, as is the IT infrastructure itself.

Continuing to innovate while guaranteeing the security of assets, information and users and complying with regulations such as DORA or NIS2 is a feat in which, once again, technology is an ally.