Interviews | September 18, 2024

Automated Services Have Heightened Cybersecurity Risk Across All Sectors


Sophos | Trend Micro

Joe Levy
Chief Executive Officer

Sophos

Q1. The "zero trust" security model is gaining traction across industries. How is Sophos positioning itself within this paradigm, and what do you see as the key challenges and opportunities it presents?

The zero trust security model is getting traction for several good reasons. It’s no longer an acceptable practice to implicitly trust anyone or anything accessing your systems. The old days of “you’re on the network, so you’re trusted” are gone. Too many times have trusted devices, users, or service accounts been compromised by bad actors to either get a foothold on a network or move around. Trust should be guarded, and constantly re-assessed - never given implicitly.

Sophos has fully embraced this paradigm shift, both internally and within our product offerings. This approach enabled our development teams to have the same user experience as our customers, and that has driven an optimized implementation and workflow.

We have integrated zero-trust into our network security platform in the form of ZTNA, or Zero Trust Network Access. This provides exactly “what it says on the tin” - implementing the zero-trust security model by forcing devices and users to prove their identity with multi-factor authentication, and proving their device is compliant and not compromised - continuously. ZTNA not only implements the principles of zero trust, but also provides granular access controls so a given user or device only has access to specific applications and not the whole network, further improving security and segmentation precision.

Sophos was one of the earliest cybersecurity innovators to market with a SaaS-based security platform, and its customers have been benefitting for years from automatic threat updates across endpoint, network, email, cloud, and identity systems and security controls. This has allowed us to build out a mature set of multi-domain capabilities within our platform for organizations looking to adopt a zero-trust approach.

Zero trust has created a huge opportunity as many organizations move to embrace enhanced security benefits, but depending on implementation, it can create deployment, operating, and cost challenges if it adds yet another agent, product, or management console. Knowing this, we made it easy for organizations to adopt by integrating practical zero trust paradigms into our firewall and endpoint products to offer a single gateway, single agent, and single management console solution all from a single vendor.

Q2. Beyond AI and cloud, what emerging technologies do you believe will most disrupt the cybersecurity industry in the next decade? How should organizations be preparing for those challenges now?

The slowing rate of global population growth has created a reduced workforce, aging infrastructure, and ultimately increased risk. This has created a scalability problem in all organizations, public and private. Automated services, from manufacturing, transportation, retail, customer support, and ticketing systems to healthcare, financial, and critical infrastructure have expanded the attack surface and hence the cybersecurity risk across all companies, governments, and nations.

Although IoT has been a concept for years, we are truly at the beginning of a disruptive boom in this space as well. Renewable energy requires a much smarter grid all the way down to consumer appliances and cars. The pace and number of electric vehicle manufacturers continues to accelerate, and many of them will not have the required focus on securing what is effectively a computer with wheels. Cloud + zero trust + IPv6 + 5G and beyond means more and more technology like this is going to be internet-facing. Combine that with an unstable geopolitical situation, and the ability for adversaries to not only steal information but also disrupt daily lives will trend in the same direction as the continuous growth of IP-connected devices.

To address these challenges, organizations need to shift from cybersecurity product acquisition and management as a primary model, to one that balances outsourcing the more challenging (and therefore failure-prone) operational elements so that they can focus on their business rather than trying to become cybersecurity experts. Not only do the cybersecurity MSPs and vendors have the scalable expertise, but these services are based on integrated platforms that prevent the risks inherent in each organization attempting to configure their own infrastructure. More advanced platforms like Sophos Central include adaptive technologies which can prevent, detect, and respond to threats much faster than traditional approaches. We will see these platforms continue to expand and evolve to include additional IT functionality in order to further scale and reduce risk.

Quantum computing will likewise have a disruptive effect on cybersecurity over the next decade, with many traditional methods of encryption and detection becoming strained and eventually obsolete. Innovative vendors will help organizations stay ahead of this curve through implementing quantum-safe computing methods into all aspects of cybersecurity, from data protection, device and network security, cloud security, identity, detection and response, and much more. All of this needs to be integrated into the same central platform described above.

Q3. What are Sophos' plans for SecTor 2024? What specific innovations or advancements does Sophos plan to showcase at the event?

Morgan Demboski and Mark Parsons of the Sophos MDR Operations team are sharing their story of how a threat hunt led to the discovery of a long-running Chinese state-sponsored cyber espionage campaign, code-named "Crimson Palace," involving three distinct threat clusters coordinating activity to maintain persistent access to the same Southeast Asian government organization. You’ll find their session titled, “Surfacing a Hydra: Unveiling a Multi-Headed Chinese State-Sponsored Campaign Against a Foreign Government,” on October 23 at 11:15 a.m. in Room 801B.

Stop by our booth (#403) for live demos, updates on our award-winning endpoint and network threat protection, and to meet with the Sophos team.
Antoine Saikaley
Technical Director, Canada

Trend Micro

Q1. How does endpoint security need to evolve in coming years as remote and hybrid work environments become the norm?

We've seen how attackers have changed their tactics in recent years to include more legitimate tools to perform their attacks, and as an industry we innovated to quickly detect and respond to such attacks. As you know, the security game encompasses much more than just endpoints. An organization’s attack surface grows by the day, with users navigating different e-mail and cloud apps to get their work done, as well as using their own home networks and endpoints. Not to mention the cloud! That’s why having broad and continuous visibility into the entire environment, and a Zero Trust strategy implemented, are key in this new hybrid work scenario.

That said, as endpoints go, a notable attack made a scene this year. The industry observed AI-created Deepfake attacks with the aim to defraud enterprises. Modern endpoint security is fighting AI with AI, using Agentic AI to detect the use of Deepfakes against enterprises and alert the employee as it occurs. We will continue to see advancement of the use of Agentic AI not just at the endpoint layer, but across layers of the attack surface.

Q2. How should organizations be preparing today for quantum computing? What steps should they be taking to prepare for the transition to post-quantum cryptography?

In about ten years, when quantum computers become commercially available, none of today's encrypted data will be safe. Trend researchers have shared recommendations to prepare enterprises for PQC. Companies should begin to identify where encryption is used or needed in their internal processes or products. Each case must be reviewed to determine if PQC is necessary. For example, email encryption is an obvious candidate for PQC, while TLS-based session encryption may still be sufficient in many cases. Following this assessment, old encryption algorithms need to be replaced, but with caution. Will the new encryption lead to longer payloads in network packets? Will the encryption/decryption process significantly impact runtime behavior? Another aspect to consider is the management of encryption keys, as they will get significantly longer. Solutions are already available for most of these scenarios, so there is no need to panic. One also needs to consider transition and backward compatibility; for example, consider how the organization deals with archived data. This is not just a simple “replace this algorithm” R&D task; it will impact core business processes, logistics, customer communications, and even your legal department. The Canadian National Quantum-Readiness For Canadian Organizations was published last year for best practices and guidelines to prepare for PQC, which shared similar recommendations.
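The assessment steps described in this answer (inventory where encryption is used, decide per case whether PQC is needed, and estimate the payload and key-size impact) can be sketched as a small triage script. This is an added example, not code from Trend Micro or the interviewee; the inventory records and the five-year "long-lived data" threshold are constructed assumptions for illustration, while the ML-KEM-768 sizes are the FIPS 203 encapsulation-key and ciphertext sizes.

```python
from dataclasses import dataclass

# Public-key schemes broken outright by a large quantum computer (Shor): migrate these.
# Symmetric ciphers are only weakened (Grover), so the usual remedy is a 256-bit key.
QUANTUM_BROKEN = {"RSA", "DH", "ECDH", "ECDSA", "X25519", "Ed25519"}
SYMMETRIC = {"AES", "ChaCha20"}
# Policy knob (assumption for this example): data that must stay secret this long
# is exposed to "harvest now, decrypt later" and is migrated first.
LONG_LIVED_YEARS = 5
# Object sizes in bytes. ML-KEM-768 values are from FIPS 203 (encapsulation key,
# ciphertext); X25519 is its 32-byte public key.
X25519_SHARE = 32
ML_KEM_768_PK, ML_KEM_768_CT = 1184, 1088


@dataclass
class CryptoUse:
    system: str          # where the inventory found the usage
    algorithm: str
    key_bits: int
    lifetime_years: int  # how long a captured copy must remain confidential


def hybrid_handshake_growth() -> dict:
    """Payload impact of moving an X25519 key exchange to X25519 + ML-KEM-768.
    Both classical shares are kept, so the PQC material is pure overhead."""
    classical = 2 * X25519_SHARE  # client share + server share
    hybrid = classical + ML_KEM_768_PK + ML_KEM_768_CT
    return {"classical_bytes": classical, "hybrid_bytes": hybrid,
            "key_growth_factor": ML_KEM_768_PK // X25519_SHARE}


def triage(use: CryptoUse) -> dict:
    """Decide, per inventory record, whether PQC work is needed and how urgently."""
    if use.algorithm in QUANTUM_BROKEN:
        if use.lifetime_years >= LONG_LIVED_YEARS:
            return {"priority": "high", "action": "migrate now (hybrid or PQC)"}
        return {"priority": "medium", "action": "plan hybrid KEM at next refresh"}
    if use.algorithm in SYMMETRIC:
        if use.key_bits < 256:
            return {"priority": "low", "action": "raise to 256-bit key"}
        return {"priority": "none", "action": "no change"}
    return {"priority": "review", "action": "unknown algorithm: classify manually"}


# Constructed inventory records, not real systems.
INVENTORY = [
    CryptoUse("mail-gateway S/MIME", "RSA", 2048, 10),
    CryptoUse("web TLS 1.3 key exchange", "X25519", 256, 1),
    CryptoUse("backup archive", "AES", 128, 10),
    CryptoUse("vpn tunnel", "AES", 256, 1),
]

if __name__ == "__main__":
    for u in INVENTORY:
        print(f"{u.system:28} {triage(u)}")
    print(hybrid_handshake_growth())
```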

Q3. What can attendees expect from Trend Micro at SecTor 2024? What are some of the key themes and trends that Trend Micro plans to focus on during the event?

Attendees can expect to learn more about key themes such as "Security for AI" and "AI for Security" and what that means in practice. Trend will showcase its latest advancements in cybersecurity solutions driven by AI as well as how we are securing AI. AI enables us to enhance threat detection and response capabilities and shape the future of cybersecurity, but also comes with its own security risks. That’s why we’re also focusing on securing customers’ AI data centers, AI workloads, and overall AI usage. We’ll demonstrate how AI is woven into Trend Vision One, the industry’s broadest integrated cybersecurity platform, to provide proactive and comprehensive security measures and empower organizations to operate with less risk across all environments.

At our booth, they’ll also learn how to implement newer security strategies such as continuous threat exposure management to proactively reduce threat risks across their entire attack surface. This should empower security and SOC teams to reinforce their Zero Trust strategies when dealing with the remote/hybrid workforce.