How CDR Mitigates Threats to the Cyber Industry

(July 20, 2023)

Cyber Security Tribe Co-Founder – Dorene Rettas – caught up with Eric Avigdor, who runs product management at Votiro, to discuss how CDR (Content Disarm Reconstruct) can help defend against major threats to organizations’ cybersecurity and how AI has been applied to help ensure document safety. They explore:

  1. Documents Used as Weapons by Threat Actors
  2. SOCs Overloaded with Too Much Information
  3. The Use of AI for Document Safety

1: Documents Used as Weapons by Threat Actors

A significant threat exists because data is no longer stored only in, or accessed only through, data centers. With the proliferation of the cloud, data now exists almost everywhere and is accessible to large numbers of employees. For example, an employee may open a purchase order attachment sent via email, forward it to their manager, and even upload it to the CRM. As the file moves laterally through the organization in this way, more endpoints are exposed to it.

Votiro founder Aviv Grafi set out to solve this after identifying it as a major problem while pen testing for auditing companies around the world. He used weaponized documents, specifically CVs in PDF format, sent to recruitment and HR staff, and had a success rate of almost 100% in gaining access to the target system. This is the reason CDR was created: to ensure files can be delivered and accessed safely.

Using CDR together with Zero Trust concepts, you can improve the user experience: staff and stakeholders can trust the files that are delivered, while your systems still get the relevant protection. This is achieved by extending the model from distrusting users to distrusting the data itself as well.
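To make the "trust no data" idea concrete, here is an added illustration (not Votiro's code, and not from the original article) of the disarm-and-reconstruct pattern applied to an OOXML Word file: instead of scanning for bad content, the package is rebuilt from an allow-list of parts a plain document needs, so a VBA project, OLE embeddings and external links are simply never copied over. The sample .docm is constructed inline with placeholder bytes; the allow-list and the relationship clean-up are the author's assumptions about a minimal safe set, not a specification.

```python
import io, posixpath, re, zipfile

# Parts a plain Word document needs to render; anything else (VBA, OLE, ActiveX, custom XML) is never copied.
ALLOWED_PART = re.compile(r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/(app|core)\.xml|word/_rels/document\.xml\.rels"
                          r"|word/(document|styles|settings|fontTable|numbering)\.xml|word/media/[^/]+\.(png|jpe?g|gif))$")

def _strip_rels(xml, rels_name, dropped):
    """Drop relationships that target a removed part or anything outside the package."""
    base = posixpath.dirname(posixpath.dirname(rels_name))  # word/_rels/x.rels -> word
    def keep(m):
        target = re.search(r'Target="([^"]+)"', m.group(0)).group(1)
        full = target[1:] if target.startswith("/") else posixpath.normpath(posixpath.join(base, target))
        return "" if 'TargetMode="External"' in m.group(0) or full in dropped else m.group(0)
    return re.sub(r"<Relationship\b[^>]*/>", keep, xml)

def _strip_content_types(xml, dropped):  # remove [Content_Types].xml overrides for parts that no longer exist
    return re.sub(r"<Override\b[^>]*/>", lambda m: "" if re.search(
        r'PartName="/([^"]+)"', m.group(0)).group(1) in dropped else m.group(0), xml)

def disarm(package: bytes):
    """Rebuild an OOXML package from allow-listed parts only; returns (bytes, dropped part names)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    dropped = {n for n in src.namelist() if not ALLOWED_PART.match(n)}
    with zipfile.ZipFile(out := io.BytesIO(), "w", zipfile.ZIP_DEFLATED) as dst:
        for name in [n for n in src.namelist() if n not in dropped]:
            data = src.read(name)
            if name.endswith(".rels"):
                data = _strip_rels(data.decode(), name, dropped).encode()
            elif name == "[Content_Types].xml":
                data = _strip_content_types(data.decode(), dropped).encode()
            dst.writestr(name, data)
    return out.getvalue(), sorted(dropped)

def build_sample_docm() -> bytes:
    """Constructed sample, not a real document: body and styles plus a VBA project, an OLE embedding and an external link."""
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" ContentType="main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "_rels/.rels": '<Relationships><Relationship Id="rId1" Type="officeDocument" Target="word/document.xml"/></Relationships>',
        "word/document.xml": "<w:document/>", "word/styles.xml": "<w:styles/>",
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Type="styles" Target="styles.xml"/>'
            '<Relationship Id="rId2" Type="vbaProject" Target="vbaProject.bin"/><Relationship Id="rId3" Type="hyperlink" Target="https://example.invalid/" TargetMode="External"/></Relationships>',
        "word/vbaProject.bin": b"placeholder, not a real VBA project",
        "word/embeddings/oleObject1.bin": b"placeholder OLE payload",
    }
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

A production CDR would go further (re-render the document body itself rather than copy it, and handle every container format), but the allow-list shape is the point: what is not explicitly trusted does not reach the endpoint.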

2: SOCs Overloaded with Too Much Information

There have been numerous accounts of staff working within security operations centers (SOCs) being overloaded with too much information. The emotional and psychological toll on the staff shows up as alert fatigue.

Cybersecurity professionals are reporting that they are burned out. This is something we at Cyber Security Tribe have covered in detail, including solutions that organizations can use to help their employees through the mental strain and how organizations are now taking the situation seriously.

One of the ultimate effects of this strain on employees is a higher rate of employee churn, with SOC staff leaving the business in pursuit of employment where better support is provided.

Beyond wanting to leave the role, the mental strain also reduces the employee’s performance and productivity. They become desensitized by the sheer volume of alerts and are more likely to overlook alerts that are critical and should be investigated, leading to more vulnerabilities.

This is where CDR can make a difference, as it provides a layer of security that helps ensure files are delivered free of threats. This reduces the number of false alerts and frees up the SOC team’s time.

It provides an alternative to a big trend within the cybersecurity industry, DSPM (Database Security Posture Management), which is similar to Cloud Security Posture Management. DSPM helps investigate what is wrong with a system’s current posture and configuration. However, this trend has resulted in yet more insights and findings being handed to cybersecurity teams to remedy. These teams often do not have the bandwidth to fix what potentially ten different systems are telling them is wrong with their security. Therefore, the market needs solutions that mitigate threats and enforce security, not just alert on what needs further investigation and resources.

3: The Use of AI for Document Safety

The use of AI is allowing us to enforce security we could not enforce previously. We still need to learn more about (1) the governance of AI and (2) how to leverage AI for stronger cybersecurity measures.

Open-source AI models have led to an increase in bad actors, including ones that are not very sophisticated, and so to an increase in cybercrime. Previously, threat actors did not have such readily available tools for creating malicious code or highly convincing phishing attacks. AI can also create more individualized, targeted attacks against people, increasing the chances that they become victims and providing a way to break through to an endpoint.

For the past two years, Votiro has been training machine learning models to identify what a good macro looks like. This is a different approach from many other cybersecurity providers, which either block macros outright or search for malicious ones. Votiro’s software uses machine learning to look for safe, legitimate macros and permits only those considered safe, leaving the file fully functional.

Although this approach does not follow the exact model of traditional Zero Trust, it does follow Zero Trust concepts and philosophies: it trusts no one, no file, and no data, and content is only allowed in once it has been approved as safe. Using machine learning models within CDR, together with overall Zero Trust concepts, ensures this technology can confidently identify a safe macro with the highest accuracy.