Analysts on the front lines of cybersecurity: Kobayashi and Oyama
Much has changed in the past two years. How we work, where we work, and the nature of work itself have been fundamentally altered by a pandemic, social upheaval, and technology advancing to meet the moment. In many ways, the cybersecurity approach of the mid-2010s isn’t just out of date—it’s downright dangerous for modern companies to adopt.
Few know this better than Kaito Kobayashi and Tokio Oyama at SYSCOM GLOBAL SOLUTIONS’ Security Operations Center in New York. “Before Covid, it was simple,” says Kaito, Senior Security Analyst. “Everyone at the office used their office computer to access an office server on an office network. The office meant safety, and everything else meant danger.”
That kind of control over internal systems is gone, says Kaito. “Now, everyone’s working from home, from the cafe. They’re using their PC, a phone, and different wifi networks.” With so many different locations, devices, and networks in your distributed workforce’s day-to-day work, the opportunities for viruses and spyware to get through increase dramatically. “The infrastructure has to protect everything. You can’t just secure the network or server or PC. Threats can come in from any angle, so you have to protect from every angle.”
The question today isn’t if your tech stack will be breached, but when and how. And as far as Tokio, Security Analyst in New York, is concerned, any security posture that’s still trying to prevent breaches is lacking. “We have to be concerned about what happens in user home environments,” says Tokio. “They don’t have enterprise-grade firewalls or the protections of internal networks. If the user is WFH, bad actors just have to hack the home router. So we have to protect that environment, too.”
So what’s a cybersecurity analyst to do in an age where malware breaches can’t be stopped? Expect them, anticipate them, and make sure the damage is limited. “We have to use all solutions available to solve that problem,” says Tokio. “Having the latest firewall in your office isn’t enough anymore.”
Tokio had to put this idea into action recently. A client had accidentally distributed a file containing sensitive information to his employees, and contacted the Security Operations Center to figure out who had accessed it and if any duplicates existed within his cybersecurity environment. While not necessarily a cybersecurity threat, this was still a major incident that required the SOC.
“I came up with the idea of using Crowdstrike’s EDR tools, normally used for tracking down malware, to help track down all the copies of this file in the environment.” Crowdstrike is an Endpoint Detection and Response tool that logs actions taken on every computer that has the Crowdstrike sensor installed. “I managed to extract the list of users who had downloaded or accessed this file, and the client was able to track them down and delete the files.”
While unconventional, Tokio still effectively assessed the threat, took stock of the Endpoint Detection and Response tools available to him, and was able to contain the threat. In this new world of multiple devices, networks, and an increasingly digitally-literate populace, preparing oneself to react quickly to breaches is essential.
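The file-tracing approach described above, as an added example that is not code from the SOC or from Crowdstrike: it walks a constructed set of EDR-style file events (a hypothetical schema with placeholder hashes, not Crowdstrike’s real event format) and reports who touched the leaked file and which copies are still on disk. Matching by content hash rather than file name catches renamed copies and ignores an unrelated file that shares the name.

```python
import json
from collections import defaultdict

# Constructed sample of EDR-style file events. The field names are a hypothetical
# schema for this example, not CrowdStrike's real event format, and the hashes are
# placeholder labels rather than real digests.
SAMPLE_EVENTS = """\
{"ts": "2022-03-01T09:02:11Z", "host": "wks-01", "user": "alice", "action": "FileWritten", "path": "/Users/alice/Downloads/payroll.xlsx", "sha256": "LEAKED-FILE-HASH"}
{"ts": "2022-03-01T09:05:40Z", "host": "wks-02", "user": "bob", "action": "FileWritten", "path": "/Users/bob/Downloads/payroll.xlsx", "sha256": "LEAKED-FILE-HASH"}
{"ts": "2022-03-01T09:07:02Z", "host": "wks-02", "user": "bob", "action": "FileWritten", "path": "/Users/bob/Desktop/budget_notes.xlsx", "sha256": "LEAKED-FILE-HASH"}
{"ts": "2022-03-01T09:10:15Z", "host": "wks-03", "user": "carol", "action": "FileOpened", "path": "/Users/carol/Downloads/payroll.xlsx", "sha256": "UNRELATED-FILE-HASH"}
{"ts": "2022-03-01T09:12:50Z", "host": "wks-04", "user": "dave", "action": "FileOpened", "path": "/shared/payroll.xlsx", "sha256": "LEAKED-FILE-HASH"}
{"ts": "2022-03-01T10:30:00Z", "host": "wks-01", "user": "alice", "action": "FileDeleted", "path": "/Users/alice/Downloads/payroll.xlsx", "sha256": "LEAKED-FILE-HASH"}
"""


def find_file_exposure(events_text, target_sha256):
    """Return (users_who_touched, remaining_copies) for the file with target_sha256.

    Matching is by content hash, not file name, so a renamed copy is still found
    and an unrelated file that happens to share the name is ignored. Events are
    processed in timestamp order so a later FileDeleted removes that copy from the
    remaining list while the user is still reported as having accessed it.
    """
    events = [json.loads(line) for line in events_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["ts"])
    touched = set()
    remaining = defaultdict(set)  # (host, user) -> paths still on disk
    for e in events:
        if e["sha256"] != target_sha256:
            continue
        key = (e["host"], e["user"])
        touched.add(e["user"])
        if e["action"] == "FileDeleted":
            remaining[key].discard(e["path"])
        else:
            remaining[key].add(e["path"])
    # Drop hosts where every copy has already been deleted.
    copies = {k: sorted(v) for k, v in remaining.items() if v}
    return sorted(touched), copies


if __name__ == "__main__":
    users, copies = find_file_exposure(SAMPLE_EVENTS, "LEAKED-FILE-HASH")
    print("users who accessed the file:", users)
    for (host, user), paths in sorted(copies.items()):
        print(f"  {host} / {user}: {paths}")
```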
Kaito is a firm believer in Next-Gen Anti-Virus tools. “Traditional AV can’t catch new viruses,” says Kaito. Rather than trying to stay on top of the current state of cyber warfare, “NGAV monitors user activity and behavior to determine safety and trustworthiness. Zero-trust comes into play here.”
If you assume everything is a threat, you’ll catch and corral the threats before they can run rampant through your entire system. In fact, analyzing user behavior and anticipating security breaches can often pay even greater dividends than adding layer after layer of robust anti-virus measures. “Make it simple,” says Kaito. “If there’s too much product, too much stuff, you might create a little hole. Make it simple, make it improve the security, and make it user-friendly.”
“It’s about controlling for the human element,” chimes in Tokio. “Let’s say I create an admin account on a directory server, just to adjust a setting or add a user. I never use it again, but I don’t delete it either. Now it’s there and I’ve forgotten about it. If a hacker accesses that, they can access the entire server.”
An element of common sense is needed in tandem with cutting-edge cybersecurity measures. “Keep in mind the environment and where you can strengthen your security environment,” summarizes Tokio. “Closing one hole can make the difference between corrupting your whole environment or just one computer.”
It’s clear that Kaito and Tokio love what they do. These two defenders at the frontier of security solutions talk about what working with SYSCOM clients is like. “The security products we offer are cutting edge and we are very flexible when it comes to implementation and monitoring,” says Tokio. “We want to work with our customers to support their needs. We are not afraid to look for other solutions even if we do not yet offer them, or find new technology they’re interested in.”
“I started the Security Operations Center a year ago. We have over 500 users now and 20-30 customers,” says Kaito. “The cyber security market has been expanding; in the next five years it will explode.”
To get started on your path towards a cybersecurity posture that’s prepared for the future, reach out to our Security Operations Center.