SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Exclusive: Mandiant Consulting highlights evolving cyber threats and AI’s role

Fri, 11th Oct 2024

Mandiant Consulting, a division of the cybersecurity giant Mandiant, is committed to helping organisations prepare for and respond to cyber incidents, providing critical lifecycle support.

"Our goal is to leave companies with better capabilities, making them more prepared for future incidents, besides responding to ongoing and current ones," Jurgen Kutcher, the global head of Mandiant Consulting, stressed to TechDay during an exclusive interview.

Kutcher, who has been with Mandiant for over 14 years, explained that the company offers end-to-end consulting services with a strong focus on incident response capabilities.

The firm now has nearly 1,000 employees across 30 countries, all dedicated to assisting clients with their most pressing cybersecurity needs.

Cybersecurity challenges for CISOs

When asked about the challenges keeping Chief Information Security Officers (CISOs) awake at night, Kutcher noted that cybersecurity threats are continuously evolving and becoming more sophisticated. "Defences that were sufficient yesterday may no longer be today," he explained. CISOs must constantly update and validate the effectiveness of their security programs to keep pace with increasingly aggressive adversaries.

Kutcher pointed out that attackers are no longer hesitating to endanger human lives, particularly in sectors like healthcare. "We've seen attackers become more personal, going after executives and making their attacks more direct," he added.

Shifts in attack vectors

One of the most significant changes Mandiant has observed is the increasing use of zero-day vulnerabilities, where attackers exploit previously unknown security flaws. These attacks are not limited to general applications but also target security appliances and products.

"Zero days are particularly challenging for organisations because patches may not always be available," Kutcher said. This development highlights the need for a robust defence strategy, including hunting for potential zero-day exploits within an organisation's environment.

Phishing remains a prevalent threat, but it has been overtaken by zero-day attacks as the primary concern. According to Kutcher, it is essential for organisations to maintain strong hunting capabilities, as classic security tools may not be sufficient to detect such persistent threats.

The role of AI in cybersecurity

Artificial Intelligence (AI) is another critical factor in the current cybersecurity landscape, both for attackers and defenders. Kutcher explained that while adversaries are leveraging AI to improve social engineering tactics—using deepfakes and more convincing emails—defenders also have access to AI-driven tools that can greatly enhance their capabilities.

"We are using AI to increase speed and scale in our investigations. For instance, AI can help us create detection rules faster, which is crucial during a cyber incident where every minute counts," Kutcher said. Mandiant's consulting services are also utilising AI to sift through large amounts of data, identify malicious code in software, and summarise threat intelligence for executives.

AI's ability to streamline repetitive tasks and assist with report generation has made a noticeable difference in daily operations, according to Kutcher. "It simplifies our lives and gives our investigators more time to focus on the actual incident rather than worrying about workflows."

Mandiant's expertise and neutrality

Mandiant's long history in incident response, stretching back over two decades, is a key differentiator in the market. "We are technology agnostic, meaning we can help organisations regardless of the technologies they use," Kutcher said. Mandiant's impartial approach, combined with its extensive network of technology partners, allows the company to support clients even if they lack the necessary resources to conduct a thorough investigation.

Kutcher also highlighted Mandiant's access to unparalleled threat intelligence, which provides vital insights into how attackers operate. "Our intelligence-driven approach allows us to stay ahead of adversaries and helps our clients do the same," he added.

Six critical functions of cyber defence

Kutcher went on to explain the six core functions Mandiant has identified as essential for effective cyber defence: intelligence, detection, response, validation, hunting, and mission control. Intelligence, he said, is the first and most important component, as it provides crucial information on how attackers operate and what they might target.

Detection comes next, with organisations needing to understand the context behind an incident and ensuring they focus on the right signals amidst a flood of data.

"One of the challenges we see is that organisations often have signals of an ongoing incident but fail to put them together," Kutcher explained.

Response, the third function, involves not only investigating and understanding an incident but also containing it. With ransomware still a dominant threat, speed is critical in preventing incidents from escalating into widespread issues.

The fourth function, validation, ensures that security controls remain effective over time; Kutcher warned that many organisations suffer from 'controls drift'. Regular red and purple team exercises are recommended to test and enhance an organisation's security posture.

Hunting is the fifth function and is essential for proactively searching for threats that may evade detection by traditional security controls.

"Hunting is really the only way to detect attackers who are skilled at avoiding detection," Kutcher said, adding that this function is especially crucial for organisations dealing with zero-day vulnerabilities.

Lastly, mission control involves coordinating all efforts during an incident, ensuring that legal, HR, and business teams are brought into the response process. Effective management in the early hours of an incident can prevent mistakes with long-term consequences.

Looking ahead

With AI becoming more integrated into both cyberattacks and defences, Kutcher is optimistic about the future.

"Right now, the defenders have the advantage," he said. He emphasised the importance of continuing to build on this lead, particularly as attackers experiment with AI.

To stay ahead in the ever-evolving cyber landscape, Mandiant is committed to using cutting-edge technology to assist organisations in fending off attacks.

"It's a constant race, but we're confident that our expertise, intelligence, and neutral approach set us apart," Kutcher added.
