Arlette Hart, VP, Threat Advisory Services, Appgate, talks about the complexity of protecting assets in modern infrastructure and the role of Threat Advisory Services in mitigating sophisticated cyber threats.
_______
Hi Arlette, could you tell us about your journey and your role at Appgate? How does Appgate contribute to securing organizations’ most valuable assets and applications?
I’ve been a big advocate for Zero Trust since serving as FBI CISO from 2012 – 2018. There I kept looking for ways to stop playing “whack-a-mole” against every cyberthreat and make systemic improvements. As I was leaving the Bureau, Appgate was hitting its stride and its unique ability to cloak infrastructure from unauthorized users really caught my eye. Fast forward to 2022 and I got to join this amazing company.
Protecting assets is increasingly difficult, especially with infrastructure scattered from the edge to the cloud. Organizations trust third-party clouds, SaaS apps and other cloud-based resources with their critical data, which puts security controls in others’ hands. Clouds need to be configured with security in mind. With SaaS, organizations need trustworthy vendors. And protecting on-premises resources has its own challenges with maintenance, patching and updates left to internal IT and security teams. And if you use all three like most organizations, complexity explodes.
It’s also important to know where your assets are and how they are secured. Who can reach them? Are they being modified appropriately? Are they being moved/copied without your knowledge? Making sure you have the right monitoring and alerting in place becomes critical, and it adds to the complexity.
Appgate SDP Universal Zero Trust Network Access (ZTNA) solves these data control and operational challenges. For security, it cloaks all resources and it can help limit aggregations of privileges for privileged users with risk-informed least privilege access, so the riskiest behaviors can be controlled. For data control, its unique direct-routed architecture avoids the pitfalls of routing traffic through a vendor cloud. It also allows organizations to transform their networks with secure café-style connectivity by removing the need for MPLS.
Given the increasing sophistication of cyber threats, which Appgate solutions help overcome challenges and provide effective protection for its clients?
Appgate has a number of solutions that help mitigate cyberthreats. Our flagship product, Appgate SDP, is a best-of-breed Universal ZTNA solution that seamlessly ties identity to user to device to application, effectively inverting traditional approaches to security. Before, SOC analysts had to find the identity, the authorization, the access, the network and put them all together. SIEMs were okay at it, but the stitching happened after the fact.
With Appgate SDP, stitching together happens ahead of time. This means actions can be monitored more easily, approvals can be automatically implemented, and deprovisioning can be done on demand. So you know who is permitted to access your critical assets, and you know whether those assets were accessed and by whom. Combining SDP with monitoring using traditional tooling (e.g., DLP), you can have much better visibility into those accesses.
Appgate’s 360 Fraud Protection, comprising 360 Brand Guardian and 360 Adaptive Authentication, is a multilayered security platform. It provides AI-based brand protection and adaptive authentication to detect and stop threats without impeding customer access, addressing every stage of the fraud lifecycle. Each layer operates effectively on its own but is significantly more powerful as an integrated suite. This integration enables threat intelligence sharing across layers to identify and stop fraudulent activity.
And the Threat Advisory Services team that I lead at Appgate offers world-class penetration testing and malware analysis. Our pen test researchers provide services to customers, of course, but they also test Appgate’s products and infrastructure. We make sure we apply the most rigorous standards to our own offerings. And our malware analysts perform in-depth investigation of malware samples and bring comprehensive reports to customers.
These offerings bring different aspects of cybersecurity to customers and complement each other by addressing various facets of enterprise risk.
You’ve worked extensively in areas such as advanced persistent threats and insider threats. What are some emerging trends in these areas that organizations should be aware of?
Burgeoning cyberthreats are becoming more diverse and sophisticated by the day. Because the raw amount of data has increased dramatically, the threats themselves have increased dramatically. Information technology has become so critical to every part of life and people expect it to be magically secure and never fail. While not related to a breach, the astounding CrowdStrike failure has reminded us of just how interconnected systems are around the world and what happens when business continuity is disrupted.
Advanced persistent threats were once a rare occurrence, and victims tended to be financial institutions and big government. Now the threats are fast, devastating and indiscriminate as threat actors get better at finding backdoors. Today, there are plenty of chain reaction cyberthreat examples, like the zero-day exploits against Ivanti VPN CVEs earlier this year that caused CISA to issue an unprecedented mandate to all federal agencies to disconnect Ivanti appliances until patched. These days we all need to assume we’re a potential victim as cyber defense gets harder, because there is so much to defend against.
Regarding insider threats, the conversation is also much more complex. Often, insider compromises are due to human error or compromised employees or third parties that unintentionally fall victim to threat actors seeking to harvest corporate credentials. But they are also caused by malicious intent. All organizations have a range of employees, contractors and suppliers, and each has their own agenda, which can range from being very positive about the organization to being very negative. Further complicating the issue is that it’s often hard to distinguish an insider threat versus an external threat masquerading as an insider. But excess access, privilege hoarding and the explosion of data all make it easier to be a hostile insider that’s harder to find, because they can hide. Again, Zero Trust is a good starting point to mitigate the risk.
Increasingly, we can expect threat actors to harness AI to amplify attacks with, for example, ultra-realistic phishing emails that effortlessly bypass spam filters, social engineering scams that expertly mimic internal communications, or malware that constantly morphs to outsmart traditional defenses. Generative AI also makes it easy to unleash malicious campaigns in multiple languages at rapid-fire speed.
Traditional security solutions like risky, open port VPNs and firewalls are no longer the answer. That’s why least privilege access, continuous authentication and verification of authorized users and devices, plus microsegmentation that stops unsanctioned lateral movement should a breach occur, are making ZTNA the enterprise secure access solution of choice.
What are some of the latest innovations Appgate has introduced in the field of cybersecurity?
Advancements in Our Universal ZTNA Solution
Appgate has released Appgate SDP 6.3, the latest iteration of its leading direct-routed Universal ZTNA solution. This version is engineered to transform enterprise and federal agency networks by strengthening security and safeguarding critical assets while minimizing operational costs. Key enhancements include improved agility, efficiency and overall network security to boost business continuity and performance.
In addition, an AI-based risk engine enhances Appgate SDP’s ability to maximize resiliency, speed and performance. By leveraging artificial intelligence, the risk engine facilitates early identification and neutralization of potential security threats, to elevate an organization’s cybersecurity posture.
Launch of Malware Analysis Service
We also introduced a malware analysis service aimed at bolstering cyber defenses. This service is designed to help organizations identify and neutralize malicious software and potential threats. It serves as a critical tool to enhance an organization’s ability to protect against and respond to cyber incidents promptly and efficiently.
Can you highlight some of the best practices Appgate employs for organizations to effectively assess and mitigate risks in cybersecurity?
Appgate SDP’s dynamic live entitlements automatically modify access in near-real time based on context and risk. It enforces the Zero Trust principle of least privilege with microsegmentation and employs single packet authorization to make all resources invisible and limit lateral movement. And its extensible, API-first technology integrates with tech stacks to reduce risk by building security directly into business processes and workflows.
We also do risk assessments through our Threat Advisory Service penetration tests, so customers can understand the likelihood and impact of specific risks to their environment from the software they develop or use, from their network protections and across information technology assets.
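The answer above describes risk-informed least privilege and live entitlements only at a high level. The following Python is an added illustration of that general pattern (identity plus device posture plus network context feed a risk score; entitlements are derived from it and re-evaluated when the context changes), not Appgate’s code, policy model or scoring. The resource names, scoring weights, rules and sample contexts are constructed assumptions.

```python
"""Risk-informed, continuously re-evaluated access decision (added illustration).

Not Appgate's code: a constructed model of the idea that entitlements are
derived from identity + device + context + risk, and withdrawn when that
context degrades. All names, weights and sample inputs are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    user: str
    roles: frozenset        # identity attributes, e.g. groups from an IdP
    device_managed: bool    # device posture: enrolled and compliant
    disk_encrypted: bool
    network: str            # "corp", "home" or "public"
    mfa_age_min: int        # minutes since the last strong authentication


# Constructed entitlement rules: a role that may reach the resource and the
# maximum risk score at which access is still granted.
ENTITLEMENTS = {
    "crm-db":      {"roles": {"sales"},    "max_risk": 40},
    "finance-erp": {"roles": {"finance"},  "max_risk": 20},
    "wiki":        {"roles": {"employee"}, "max_risk": 70},
}


def risk_score(ctx: Context) -> int:
    """Additive risk score from 0 (low) to 100 (high); weights are assumptions."""
    score = 0
    if not ctx.device_managed:
        score += 40
    if not ctx.disk_encrypted:
        score += 20
    score += {"corp": 0, "home": 10, "public": 30}.get(ctx.network, 30)
    if ctx.mfa_age_min > 60:
        score += 20
    return min(score, 100)


def evaluate(ctx: Context) -> set:
    """Resources this context may reach right now. Default deny: a resource is
    granted only if a role matches AND the current risk is within its limit."""
    score = risk_score(ctx)
    return {
        resource for resource, rule in ENTITLEMENTS.items()
        if rule["roles"] & ctx.roles and score <= rule["max_risk"]
    }


def reevaluate(old: Context, new: Context) -> dict:
    """Live re-evaluation: compare entitlements before and after a context
    change and report what must be revoked and what is newly granted."""
    before, after = evaluate(old), evaluate(new)
    return {"revoke": before - after, "grant": after - before}


if __name__ == "__main__":
    # Constructed sample: a sales user on a managed laptop in the office...
    office = Context("alice", frozenset({"employee", "sales"}), True, True, "corp", 10)
    # ...who later works from public Wi-Fi with a stale MFA session.
    cafe = Context("alice", frozenset({"employee", "sales"}), True, True, "public", 90)
    print("office:", sorted(evaluate(office)), "risk", risk_score(office))
    print("cafe:  ", sorted(evaluate(cafe)), "risk", risk_score(cafe))
    print("change:", reevaluate(office, cafe))
```

The point of `reevaluate` is that the decision is not made once at login: when the same user moves to a riskier context, the higher-sensitivity entitlement drops away while lower-sensitivity ones survive, which is the behaviour a policy engine needs for access to track risk in near-real time.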
Before we wrap up, could you share five essential practices that every B2B Chief Information Security Officer should follow to maintain a strong cybersecurity ecosystem?
- Move to Zero Trust security. This is THE answer, not just an answer.
- Stay current on the state of the cyberthreat landscape. Know what you’re up against all the time and how threat approaches are morphing.
- Stay current with technologies in the cybersecurity and IT space, including their impact across the space (use in organization, use in protection, use as a threat).
- Know your own risk. Control how your data traverses your network and lock down resource access, so you don’t open your organization up to unnecessary risk. This means using rigorous least privilege access policies to know what is going in and out of your organization and who can do what, when and where, and optimizing a Zero Trust implementation. Keep in mind your suppliers are also a risk, so know what data they are supposed to be securing for you.
Prior to joining Appgate, Arlette served as Senior Technologist for Cybersecurity at Leidos Corporation, where she drove organizations toward comprehensive, risk-based protection strategies. Prior to Leidos, Arlette served as Chief Information Security Officer for the Federal Bureau of Investigation, ensuring that the FBI’s data, capabilities and networks were available where and when the Bureau and its partners needed them. She currently serves as Adjunct Faculty at Carnegie Mellon University, supporting the Chief Information Security Officer Certificate program. Arlette’s areas of expertise span the scope of cybersecurity, from compliance to operational, and include security architecture, advanced persistent threat, insider threat, intelligence, risk and compliance, and compromise assessment and mitigation.
Appgate secures and protects an organization’s most valuable assets and applications. Appgate is the market leader in Zero Trust Network Access (ZTNA) and online fraud protection. Appgate products include Appgate SDP for Universal ZTNA and 360 Fraud Protection. Appgate services include threat advisory analysis and ZTNA implementation. Appgate safeguards enterprises and government agencies worldwide.