Managing Cybersecurity in a Rapidly Evolving Landscape
To quote Bob Dylan, “the times they are a-changin’.” Indeed they are—in the last decade alone we’ve seen a huge shift towards cloud technologies and software as a service (SaaS), both of which have had massive implications for cybersecurity.
We sat down with Pasha Probiv, the CEO and co-founder of cybersecurity firm White Hack Labs, to gain some insight into how his company is dealing with this evolving landscape.
Q: What was your career trajectory, and what led you to create White Hack Labs?
A: I started my career as a software engineer 20 years ago, building software applications for finance, transportation, and marketing companies at the dawn of the SaaS era. Throughout my career as a technology strategist, the topic of cybersecurity has always taken the spotlight. I would make recommendations on how to protect customer data, make computer systems hard to detect by unintended visitors, pursue compliance goals, and implement security controls. This service has been my primary activity for the past 10 years, and I thought it would make sense to start a business dedicated to just that.
Q: How does White Hack Labs distinguish itself from other cybersecurity companies?
A: We provide offensive services of “Red Teaming” and “Penetration Testing,” primarily for SaaS companies. We have chosen the niche of SaaS businesses because my partners and I have serviced them for decades and know that market very well. Offensive services means that companies hire us to test the security of their systems and provide evidence of any vulnerabilities; we believe that an evidence-first approach is the most appropriate way of determining risk level. There are many security tools and services on the market, but it’s hard to decide whether or not a client needs them before doing the risk assessment. Our service provides that risk assessment and serves as a starting point in improving business cybersecurity. That is our focus.
Q: What goes into a typical White Hack Labs penetration test?
A: Penetration tests typically contain the following steps:
Scoping call: We get on the phone with the client’s technical team to define the scope of the test. The client can choose to do a black or white box test and defines which systems and endpoints need to be tested.
Proposal: Based on the scope, we provide a proposal with the price for the test.
Kick-off: After agreement and scheduling of the test, we usually have a kick-off call with the client right before the start of the test. The purpose of the call is to validate that we have notified all involved parties and we have everything needed to start.
The Test: We start the penetration test by gathering any publicly available information about the systems in scope. Then we identify vulnerabilities and try the most outrageous exploits early in the test. Our goal is to get evidence of the most critical security issues as early as possible. If we succeed in finding critical problems, we report them to the client immediately. The test is usually done in a production environment, and we take measures to make sure our client’s system remains available for its customers.
The Report: After the test is complete, we produce a comprehensive report with a list of vulnerabilities we found and the risk level associated with them. We use the Common Vulnerability Scoring System (CVSS v3) to assess the risk level of each issue. In addition, we include step-by-step instructions and technical notes on how to reproduce each exploit and technical recommendations on how to best address the issue.
Close-out call: On this call we address any questions the client team may have about vulnerabilities in the report.
Q: How do companies benefit from outsourcing cybersecurity operations versus hiring
A: Companies often have internal personnel responsible for the integrity and security of their IT systems. The internal team doesn’t always have the skill set needed to perform something like a penetration test or compliance or incident response. That’s when external companies get involved. A company doesn’t need to maintain a team of cybersecurity experts to get to their desired outcome. Cybersecurity talent is hard to find and a company needs to maintain a specific culture to keep the best people aboard. In addition, inviting an outside company offers a fresh look at your system, and that’s exactly what’s needed for dispassionate risk assessment.
Q: How has the cybersecurity landscape changed over the past few years? Has cloud technology increased or decreased the potential for breaches?
A: We are still in the middle of a global cloud transition. Individuals and corporations are constantly migrating to large cloud providers like AWS, Azure and GCP. Overall, it’s a very positive change for the security of their networks. Many clients now use WAF/CDN services like Cloudflare or Incapsula that add an additional level of security to their public endpoints. Switching to a big cloud player definitely decreases the chances of a network breach, as both AWS and Azure have special tools to maintain the security and integrity of their clients’ networks, and they take it very seriously. As for sending your data to the cloud, it’s a personal choice for every company; companies that do send their data to the cloud will still maintain encryption keys on private servers.
Q: Going forward, where do you see the future of cybersecurity? How will anticipated technologies like quantum computing and advanced artificial intelligence play a role?
A: Machine Learning plays a big role in threat detection and intrusion prevention right now. There are many products, like Darktrace, for example, that have already made a huge difference across all industries. As defensive tools get more sophisticated, offensive tools will get more sophisticated as well. You can see now how many viruses hide themselves from anti-virus software by using a legitimate software footprint, and how hackers use new tech like Docker, Packer or Kubernetes as new doors to breach different systems. As technology advances, it will be used to both sponsor and prevent attacks. It is becoming utterly important to have the right partner who can stay on top of the latest in tech with an eye on cybersecurity.
Written by Daniel DiPietro & Edited by Matthew Durborow & Alexander Fleiss