Using AI To Detect Cyber-Attacks Before They Start

Director of XDR, Carrie Bowers, discusses how next-gen technology can stop threats in their tracks, the internet of things, and her predictions for 2022.

AI Detection for XDR

Transcription:

AST:

Well, good morning, everybody. Welcome to our podcast. In today’s segment, we will be talking with Miss Carrie Bowers. She is the director of the extended detection response at a leading cybersecurity firm known as Agio. Carrie, thanks for your time. And you know, during these holidays, I know a lot of business leaders like yourself are very busy. So once again, thank you for taking time out of your schedule to do this. Let’s go and get started, please.

Carrie:  

Great. Sounds good. Thanks for having me.

AST:

We looked at your bio, and we did some background snooping on you. We didn’t do a background check or anything, but we looked you up on Google, and you seem to have a great background in cyber. Really deep and rich. Can you tell us some of the highlights of your career and kind of how you landed where you are today?

Carrie: 

Yeah, so I have to go back quite a few years. It really started in the army. I joined in 2002 as a counterintelligence agent, and served eight years on active duty. And during that time, that was really when the army was starting to get interested in cybersecurity a little bit more. As I was leaving my career, they started the US Cyber Command. So I’m finding a lot of the cases I was working started to have more of a cybersecurity lean to them. So, when I left the military, I was kind of trying to figure out what I wanted to do next. And for a while went into nursing and worked in that for a little bit. I was going to school to be a physician assistant. And then I just realized, you know, that wasn’t quite the right fit. I realized I enjoyed helping people. But you know, I still kind of always had this sort of technical, cyber-leaning interest, and still wanted to stay in touch with the intelligence community. So I kind of switched careers and then ended up getting my degree in IT security and IT management. Then I started work at Agio and have been in the cybersecurity practice side of Agio since 2015.

AST:

Cool, I’m sure you have a lot of interesting stories to tell about your time in the army. Maybe we could do another podcast, how does that sound?

Carrie: 

Yeah, absolutely. I did three tours in Iraq, one in Afghanistan, and was also part of the Hurricane Katrina relief in 2005. So, lots of stories there, too. Maybe for another time.

AST:

Yeah, let’s do that. But once again, thank you so much for your service, thank you for that. Now, how did you venture to Agio? You kind of alluded to that last question, but how did you get to where you are today?

Carrie: 

Yeah, so actually, as I was kind of finishing up my degree, we were pushed to really join ISSA, which is the Information Systems Security Association. So I had joined the chapter in Raleigh, North Carolina, and started going to their meetings. And through that, I had met a gentleman that was working on the cybersecurity team at Agio. And I was just talking to him about my background and finishing up my degree and next steps, and he put me in touch with the hiring manager, and really kind of went from there. I had a couple of interviews, and then they made an offer, and I accepted and have been here since.

AST:

Well, excellent, excellent. Now, can you tell us a little bit about Agio and your offerings? I mean are you a, what I call an MSP or an MSSP, or a CSP, for lack of technical jargon, meaning like a managed service provider, managed security provider, or cloud security provider, or are you kind of like all three…? 

Carrie: 

Kind of all three, so I’d say yes, yes, and yes. So, we are a hybrid company in that we do both cybersecurity and managed IT offerings. We really grew out of financial services, but we’ve since expanded a lot more into all sorts of compliance frameworks, from the payment card industry to HIPAA to privacy and things like GDPR. But the core part of our services is managed IT. It’s really like support takeover type stuff. So, we manage desktops, workstations, servers, networks, managed backup databases, everything, you know, on that kind of classic IT infrastructure track. And then my team does the extended detection and response, which monitors all of those systems. And then we have a cyber governance and testing part of the company that does penetration tests, risk assessments, simulated phishing campaigns, that kind of thing.

AST:

Okay, excellent. Now, who is your typical customer? I’ve been on your website a couple of times, and I noticed that your verticals are mostly like hedge funds, private equity, financial services. Is that your main bread and butter, or do you also do healthcare? Do you do SMB, Fortune 500? What’s your sweet spot, in other words?

Carrie: 

Yeah, definitely the sort of 500 size employees of the small to mid-sized businesses in the financial sector are sort of the real meat and potatoes of our clients, if you will. Mostly, like you said, hedge funds, private equity firms. But you know, we have certainly expanded, and even the cyber governance side has really kind of started out of the payment card industry. So those kinds of clients, and also healthcare, who are anything from large hospital systems to local governments. Anybody that has a PCI need, so it could be retailers, it can be restaurants, franchisees, really quite a mixed bag of clients, which certainly keeps the work interesting when we’re monitoring all flavors of those clients.

AST:

Are your clients mostly here in the US, international or…?

Carrie: 

They are mostly based in the US, but they have, you know, international locations. So even those private equity firms; they may have offices in New York and Chicago and San Francisco, but then they also have offices overseas in London or Milan or Tokyo, or it’s kind of worldwide. As far as what we’re actually monitoring and where people are actually located.

AST:

Well, in terms of talking about size, let’s get back to Agio for a second. How big is your company’s employee size? Do you have offices worldwide? Are you all over the US? Care to share those details with our audience?

Carrie: 

Sure. I think our current employee size is a little over 250. Around that, somewhere in that. Client sizes are in the 300 plus. We are headquartered out of Manhattan, but we do have an office located in Raleigh, North Carolina. That’s where our SOC, security operations center, is located. And then everything else is pretty much remote at this point since COVID, our remote workforce kind of distributed all over the world. Most of my team is in the US. We’ve got a few more growing the team in Canada, in the Toronto area. And then we have Belfast, Northern Ireland, and Bangalore, India is sort of the other location where a lot of our employees come from.

AST:

Okay, excellent. Now let’s get into your role as the director of extended detection and response, or XDR. First, define what XDR is and what your job is. Kind of like what a day-to-day schedule is like for you.

Carrie: 

Sure. So I’ll start with XDR. So that is for extended detection response, not to be confused with EDR, which is endpoint detection response. And it’s sort of like the next version of that. It’s this concept, this technology that allows you to take everything that you would want to monitor and detect and respond on in a security stack, and be able to point it all into one place through things like API calls or webhook integrations. So what’s great about the platform that we use is that it’s vendor agnostic. So it doesn’t matter what you already have in place, we’ll be able to integrate all of it, be able to see everything, and still do the network detection, analysis and endpoint detection analysis. But then we also add in all your cloud applications or Office 365. Any containers, if you have Docker, Kubernetes, whatever it is, it’s that full 360-degree view, all in one platform, which is really exciting. And also that’s where you can really take advantage of things like machine learning and all the different types of machine learning and getting to that artificial intelligence that you know, kind of the key buzzwords that you’re hearing, you know, certainly in the cybersecurity industry. So, for my role as the director of our XDR service, it really comes down to running a, you know, 24/7 365 security operations center. So XDR is the tool that we offer, it’s the service delivery team name that we have, but it’s really backed by the people that are part of this SOC. So I’d say about half of my time comes to people management, as you can imagine having that many employees all over the world, you know, you want to make sure that they’re getting their training, that they’re getting that professional development and growth. And, you know, certainly when it comes to, you know, the cybersecurity shortage that is real, I think a lot of people are experiencing, I want to make sure I retain my top talent.
So that’s where quite a bit of my time is invested in the people that make our team, you know, as good as it is. But the other parts of it, of course, you’re going to get into, you know, still having to look at your key performance indicators every day. So we’re looking at, you know, like our mean time to respond in, you know, the kind of effort that agents are spending on tickets as they’re being worked. And then also the sort of executive-level reporting. So reporting, whether it’s daily, or bi-weekly, or monthly, or quarterly, you know, there’s always that kind of business element to make sure that you’re still doing your pre-sales and your renewal conversations. And then, of course, obviously, being an escalation point to go over any issues that come up. So kind of a mixed bag day today, but it’s a lot of meetings and a lot of reporting, and a lot of sort of just monitoring on the performance of the team and making sure that we’re not missing anything, and that we’re, you know, responding to things, meeting our SLA, or service level agreements.

AST:

So it sounds like a lot of keeping track of metrics, I think, right?

Carrie: 

Yeah, it’s a big part of it. And I think it’s also important to our clients, and important to the business itself, I think it’s most important to the people on the team, they want to know how they’re doing. They want to know how they’re relevant, you know, to be though the whole cybersecurity, goals out there and making sure that we’re keeping our clients secure, and that we’re responding to things, whether it’s suspicious or malicious, or just an anomaly that we found, as timely as possible.

AST:

Okay, excellent. Now, how has Agio evolved from being an MSP or MDR services to providing XDR?

Carrie: 

Yeah, so really, the name expanded with the technology we use. It started out as managed security in 2014. And it was on one platform at the time. And then we kind of evolved that into saying, No, it’s really managed detection and response. That came with the platform change. And then really, this latest one into XDR, again, it really came with the platform. I think it’s a big part of what we provide to our clients is the technology and making sure that we’re always looking at the next best thing that’s going to help meet the goals and needs of our clients and ourselves.

AST:

Well Carrie, my vision of XDR is, I wrote a long article for a client, Eric Chavez, as we were talking about before our show, on Microsoft XDR. That’s really my vision on what an XDR is. Is XDR mostly available from like cloud service providers, or can it come like out of the box in a retail situation? Or does the customer have to go through someone like your cloud services provider to get these kinds of services?

Carrie: 

I think it’s both. I think you could do it yourself, though again, you’re going to have to go through the whole stack with a particular provider. So if you wanted to go all Microsoft, you could certainly do it yourself. But I think it’s really more advantageous to go through a partner like Agio, that has the it partnership with an XDR platform, because then we’re providing the skills and the team and doing all the 24/7 365 monitoring for you. It depends on the size of the organization. That’s why I get back to that kind of sweet spot for us being around the 500 employee count mark, because a lot of those and smaller firms don’t necessarily have the IT shops or that IT and cybersecurity expertise and health to both manage the engineering part of the platform. Or has the analysis and the people to do the constant analysis 24/7.

AST:

Carrie, there are dozens of other cybersecurity vendors out there. You know, I mean there’s over 2000 in the US. What separates Agio, your company, from the others? In other words, why should I say, hey, Carrie, I want your company routine deployed next year for me, what makes you different from the crowd?

Carrie: 

I can say a couple of things. But I think one that I find the most interesting is just the tenets of transparency that our company is all about. So if you are next year’s client with Agio, you have access to the same systems that we do. We give you access to the external platform we’re using. If you’re also using EDR tools, we give you access to that, we give you access to vulnerability scanning. And then, we also assign an analyst to you. And, of course, you’re going to have the SOC analysts as well. You’re going to have sort of a main go-to person that’s also going to educate you on these tools. So we don’t just say ‘here you have access, that’s it.’ But it truly is a partnership in security. And I think that’s kind of unique from, you know, other places that may say, Don’t worry about it, we got you covered, we’ll send you stuff as we find it. You know, like we’re really invested in the idea that this is a group effort and that we want to make sure that you understand exactly what we’re escalating to you and why. And that when we do send you stuff that is actionable intelligence, we don’t just send you an alert just for you to look at and be like, Okay, now what? We have this concept of what we call our three W’s: what’s happened, what’s been done, and what’s next. And what’s next is a key part, because the rest of it you can see; okay, we saw one alert. This is why it’s important. It’s that analysis, and this is what you need to do about it. I think for a lot of our clients, it really resonates with them. So I think that’s a big part of it. And then I think also why a lot of our hedge fund clients stay with us, our private equity firms stay with us, is because of the fact that we know your business. Like, that’s what we grew out of, we know your unique challenges. And that’s a big part of, again, like what our sales team really does is they’ll go in and listen.
They want to hear what your challenges are, we’re not just there to give you our menu and say pick what you want some column a column B, and we want to hear what your unique challenges are, and then figure out how can we help you to tackle those.

AST:

Okay, excellent. Now we know 2021 brought a huge wave of attacks, especially on the ransomware side, you know, from nation-state threat actors. I’m not gonna get too political here on this one. But what advice do you have for somebody who’s looking to protect their data from these nation-state threat actors, like SolarWinds? How could that have been prevented?

Carrie: 

Yeah, I think a lot of it is just starting with what we call our brilliance in the basics. I think that if you want to be, you know, as secure as possible, you have to start from the foundations and then go up from there. Like, if you were to just come in and say, I just want to make sure I’m secure against ransomware. Well, I have to look into it a little bit more deeply than just what do you have for your monitoring? What do you have for endpoint detection? It gets further into: Okay, are you giving your end-users training? What kind of policies do you have in place? Do you have procedures in the event that you do have an incident? It gets more in-depth than just a one-time quick-fix patch. I think the clients that do the best and are the most prepared and cyber resilient, if you will, are the ones that have this sort of in-depth strategy. And that’s a big part of what we talk about with our clients as well, is being prepared to handle things when they happen, not if. Because at this point, we kind of all know that something’s going to come up that will impact us. And we have to understand how we can quickly respond and kind of, you know, mitigate the impact.

AST:

Now, if you don’t mind, let’s segue to a different part of cybersecurity and the cyber issues that we’ll probably experience even going into 2022. First one, the Internet of Things. I find this concept to be very scary. I think you’re just increasingly vulnerable to the cyber attacker. As I think I’ve mentioned to you in previous conversations, I hate technology. I don’t have a smart car. I just have a 2003 Honda Civic, and that’s all I need. I’ve seen those smart cars, but I just don’t get into that kind of stuff. What are your thoughts on IoT? Do you have a smart car or a smart home?

Carrie: 

I do not; no. I’m very similar to you in that respect, you know, I don’t know if I’d say it’s paranoia, per se. But yeah, I definitely invest in the idea of privacy and really limiting how much time I’m spending online, just even in my personal life. I think certainly, if you watch things like The Social Dilemma, or even TV shows like Black Mirror, it’s kind of scary. Like, there’s a lot of bad. You know, it’s just kind of growing and growing and growing. And I think that a lot of people that work in IT and cyber, in their personal life, tend to kind of want to be turned off and disengaged, you know. Yeah, I’m kind of like you, I don’t do too much. And then when I do, one of the first things I’m looking at is all the settings for privacy, you know, anything that has any social media accounts, any smart TVs, even. I’m like, okay, how’s this? How’s this stuffing access? But yeah, I don’t have Alexa. I don’t have any of that, personally.

AST:

I only have one mobile app, my email. That’s all I use mobile apps for, but cool. Okay. Now, the next big topic is artificial intelligence, machine learning, or AI/ML for short. And that’s a big buzzword. It’s been thrown around cybersecurity all year. It’s such a misused term. I mean, you’ll have vendors saying, oh, yeah, well, we have AI in our package, and a customer will get excited, they think they’re all protected. There’s nothing really AI in there. I mean, I just wrote a book on AI. And all it is, is pretty much garbage. But AI does have its rules and it has benefits, like, you know, for task automation, trying to predict what the future holds. But there’s also the good side and the bad side, like with the deep fakes. What are your thoughts on AI? And has Agio made any use of that technology in their platforms? Or do they plan to be there in the near future?

Carrie: 

Yeah, so I, I agree with a lot of people that say, like, AI is kind of the, you know, the Holy Grail. It’s certainly what is going to be needed to keep up with the cybersecurity threat landscape. I think that we’ve just gotten to the point, as you know, we were just talking about the Internet of Things expanding all day, the more things for the bad actors to attack, which means more things for the good guys to defend. I think in that, in that lens, you know, you really have to look at things like artificial intelligence and automation to really help identify and triage the things that a machine can be taught to do, and allow the humans to focus on the things where their input is needed. And I think that’s the only way that you’re really going to be able to keep up with everything, as it continues to expand. You know, you can read all sorts of articles out there about the cybersecurity shortage, you know, for employment, and just kind of get more and more people that are able to take on this work and are interested. I think that that’s where AI is going to help you at least try to keep up. I agree with you; it is kind of nebulous, I think a lot of people are not really sure what exactly it means. And how that relates to machine learning as well. You know, our platform, too, with XDR does include, we’ll say, artificial intelligence, which it is. But it’s really just the three different types of machine learning that are built into the platform. A lot of those algorithms, like you said, are sort of intellectual property of the vendor. So I don’t know all of that. But what I do know is that it includes both supervised and unsupervised, and then adaptive or reinforcement types of machine learning, so that it’s able to look and find anomalies and suspicious things, compared to a baseline, that a human just wouldn’t be able to do. Just physically would not be capable of looking at all this stuff in a day, in an hour, in whatever time frame you want to say.
So, I think it is important for people to figure out, you know, what their strategy is going to be and how they’re going to be able to automate the tasks that don’t necessarily need a human to look at if the repeatable things or things that you can build, you know, your condition for and say, it’s this and this and this and this needs to happen, which you know, Agio spends a lot of time and invested in, in building this out. We’ve certainly done that in 2021. And we’ll continue to do that even more in 2022 and beyond the big part of our strategy.

AST:

The next one is about data privacy. I think we kind of talked about it maybe a little bit earlier in the broadcast, but there’s the GDPR, the CCPA, HIPAA and another one I was just thinking about and I can’t remember. But, how has this impacted your business? Are you, being an international company, prone to the tones of types of GDPR and CCPA? In turn, do you help clients come into compliance with that, or is it mostly HIPAA that you specialize in?

Carrie: 

In both, so we do specialize more in HIPAA and GDPR for clients. But I think that there is a growing need, again, I’ll talk about sort of how we customize from our menu. So if there’s clients that say, I need you to do something for the California Consumer Protection Act or the Colorado Privacy Act, we would certainly be able to help them build something out from you know, just the knowledge that we have on our team. We have people on that cyber governance and compliance side that are focused on privacy law and privacy assessments. Again, it’s kind of more in the HIPAA security, HIPAA privacy realm and GDPR. But I know that we’ve kind of looked in trying to find, you know, people that really need the other ones as well. And I’m sure that’s going to be a growing trend, you know, further on, as I see more and more states, besides just California, Virginia, Colorado, as I mentioned. It’s becoming more of a need for people to make sure that they have the right to be forgotten, the right to opt out of things. Privacy is just becoming more and more of a concern for people and rightly so.

AST:

Does Agio do any work with the CMM? That was the other one I was going to ask you about. But do you do any work in that area? Or no?

Carrie: 

No, not today. But again, I think that’s probably going to be something that we’re looking at here in the near future.

AST:

Okay, okay. Now I want to talk about the remote workforce curve, the COVID-19. I think when we talked last, the Omicron variant wasn’t even out yet, but now it’s out in full force. A lot of companies are trying to do the hybrid work model now everybody’s going to work from home. So how has all this impacted you, your business, your clients, and how do you think it’s going to come out here in 2022?

Carrie: 

Yeah, so, definitely. So I was working from home before then. So I’ve been working from home since 2016. So for me, personally, very minimal. I already had the home office set up, I was already kind of used to it, sort of my battle rhythms, if you will, of knowing, having a dedicated space. Close my office door and, you know, have these kinds of boundaries between work and my personal life. But, you know, our company, I think, responded really well. Being able to say, okay, everyone can work from home, because they do issue everyone equipment. Where it became more challenging is just in people’s houses, being able to find space where they can work and concentrate. But from a technology perspective, it was not too disruptive for us to be able to put everybody into work from home. As we’ve kind of run through these kinds of scenarios before. For our clients, I think some were better prepared than others. I think there was a lot of sort of frantic, you know, now we’re going to set up more Citrix connections, more VPNs, more virtual machines. It became sort of a bit of a mad dash to make sure that everything, you know, could be connected from anywhere in the world. But I also think that, because we’ve now been in this for almost two years now, that people are going to want this in their work, whether it’s 100% remote or 80%, or 50%. As a hiring manager, when I’m interviewing people, that’s one of the first questions they ask: is it fully remote? Do you have a physical office location, are we going to be required to come in? So I think that most employees are going to have to, you know, sort of figure out that if they want to retain their people, how they’re going to change their needs and their roles and allow for a work from home policy of some kind.

AST:

In fact, I think the term is what, now, the great resignation era, like where people are quitting to get work. Well, Carrie, finally, as we wrap up our show, we’re going to be approaching 2022. But what do you think the threat landscape is going to look like in 2022? Is it going to be more of the same? Or is there going to be something different that comes up? What are your thoughts on that?

Carrie:

I think it’s going to be more of the same, probably a little bit more variety. But I think you’re still going to see the ransomware variants increasing, you’ll see more ransomware threat actor groups, you’re still going to see the supply chain attacks. When I think of it from a bad actor perspective, that’s where you’re going to have the biggest bang for your buck. If you can take over and insert some malicious code of some kind into an entity that provides services to a bunch of other people, and kind of trickle from there, kind of the same way that phishing works. It’s low effort, high reward. It could be debatable, if you look at certainly APT groups or system check groups and the way that they operate, it’s not low effort for them. But nation states and state-sponsored groups are not short on talent, money, and resources to carry out these threats. And I think we’ll just keep seeing more of the same.

AST:

I think my biggest fears are about critical infrastructure. I don’t think we’re going to see planes crashing into buildings, it’s going to be more like-

Carrie:

Colonial Pipeline?

AST:

Yeah, yeah. 

Carrie:

I agree, and when you look at the industry, too, they have some very outdated infrastructure. They have, you know, very low cyber budgets sometimes. So it’s kind of the low-hanging fruit, if you will. That term is kind of overused, too, but they don’t always have the right controls in place, personnel, everything else, to adequately protect those high-value targets, if you will. So it makes sense. Bad actors are going to have a big impact and be destructive.

AST:

Well Carrie, as we wrap up our show now, what’s the best way for someone to get ahold of you. If they want to learn more about XDR, or if they’re interested in your services, what’s the best way to contact you?

Carrie:

Me directly, they can contact me at carrie.bowers@agio.com, they can also find me on LinkedIn. And of course, our website, Agio.com, they can find all of our services there and it’s a very well-done website, so props to our marketing team for the work that they do.

AST:

Excellent, Carrie, thank you so much for your time. We look forward to having you back here in January to talk more about your role in the army and other cybersecurity roles. But, in the meantime, happy new year!

Carrie: 

Thank you, and, thanks to you, anytime you want to chat some more, I’m for it. 

AST:

Oh believe me, I could go on all day! Take care, have a good one.

Carrie:

You too, bye.
