Data breaches cost U.S. companies $9.44 million last year on average, according to Statista. How do security professionals defend their companies’ infrastructure against threat actors and their evolving methods of attack?
Daniel Mazzini and Kacy Reed are VMware architects who develop solutions for VMware Professional Services for Networking and Security, helping VMware customers on the front lines protect their valuable data. They’re passionate about helping customers solve problems and achieve critical business outcomes using VMware solutions.
Daniel holds a degree in Systems Engineering and has more than 20 years of IT experience in security, network engineering, telco, and cloud automation. Prior to VMware, he most recently worked at Dell as a solutions architect and global discipline lead for cloud service providers and telcos. He joined the VMware Customer Success Services Portfolio team in 2020.
Kacy has 15 years of experience in cybersecurity and joined VMware in 2021. He got his start in IT as a cyber network operator in the United States Marine Corps. He also worked as a network engineer and infrastructure manager for private-sector businesses and state, local, and education (SLED) organizations.
You can find them both at VMware Explore Las Vegas, where they’ll present the People’s Choice session selection, Best Practices for Hardening Your VMware Infrastructure.
We asked Daniel and Kacy what advice they would give to organizations that want to tighten their security, as well as cybersecurity professionals looking to improve their craft.
What are some of the most common vulnerabilities that you often see in organizations of any size? Can you provide an example?
KR: The most common vulnerabilities I see are those that exist due to poor patching and hardening practices. A lot of organizations do a good job of patching and hardening their endpoints but do not do as good of a job applying those practices to their infrastructure.
A good example of this is the ESXiArgs ransomware variant that targeted unpatched and unprotected ESXi hosts. This attack could have been prevented by ensuring that ESXi hosts were running the most current patches and implementing basic hardening best practices such as isolating the ESXi host management network, disabling SSH, or adding SSH restrictions.
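The hardening checks Kacy describes (SSH off and not set to start at boot, the ESXi Shell off, the SSH firewall rule not open to any address, lockdown mode on, and a recorded build number to compare against the current patch level) can be audited fleet-wide with VMware PowerCLI. The script below is an added example, not code from the interview or from VMware; it assumes PowerCLI is installed and that the vCenter name is a placeholder you replace. It only reports unless the hypothetical `-Remediate` switch is passed.

```powershell
# Added audit example (not from the interview or from VMware's own hardening tooling).
# Assumes VMware PowerCLI is installed; $VCenter is a placeholder you replace.
param(
    [string]$VCenter = "vcenter.example.invalid",   # placeholder vCenter name
    [switch]$Remediate                              # report only unless explicitly set
)

Connect-VIServer -Server $VCenter | Out-Null

$findings = foreach ($vmhost in Get-VMHost) {
    # TSM-SSH is the SSH daemon, TSM is the local ESXi Shell
    $services = Get-VMHostService -VMHost $vmhost
    $ssh      = $services | Where-Object { $_.Key -eq 'TSM-SSH' }
    $shell    = $services | Where-Object { $_.Key -eq 'TSM' }

    # AllIp = $true means the SSH firewall rule accepts connections from any source address
    $fw           = Get-VMHostFirewallException -VMHost $vmhost -Name 'SSH Server'
    $sshOpenToAll = [bool]($fw.Enabled -and $fw.ExtensionData.AllowedHosts.AllIp)

    if ($Remediate) {
        if ($ssh.Running)   { Stop-VMHostService -HostService $ssh   -Confirm:$false | Out-Null }
        if ($shell.Running) { Stop-VMHostService -HostService $shell -Confirm:$false | Out-Null }
        # Policy 'off' keeps both services from starting again at the next boot
        Set-VMHostService -HostService $ssh   -Policy 'off' | Out-Null
        Set-VMHostService -HostService $shell -Policy 'off' | Out-Null
    }

    [pscustomobject]@{
        Host           = $vmhost.Name
        Version        = $vmhost.Version
        Build          = $vmhost.Build          # compare against the current ESXi patch level
        SSHRunning     = $ssh.Running
        SSHStartPolicy = $ssh.Policy
        ShellRunning   = $shell.Running
        SSHOpenToAnyIP = $sshOpenToAll
        LockdownMode   = $vmhost.ExtensionData.Config.LockdownMode
    }
}

# Hosts that still fail one of the checks are listed for follow-up
$findings |
    Where-Object { $_.SSHRunning -or $_.ShellRunning -or $_.SSHOpenToAnyIP -or
                   $_.LockdownMode -eq 'lockdownDisabled' } |
    Format-Table -AutoSize

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Isolating the management network is a vSwitch and VLAN design decision that this script does not cover; the build column is recorded so it can be compared with the latest ESXi patch release for that version.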
If organizations suspect a breach or malware in their system, what should they do?
DM: They need to take immediate action to mitigate the impact and minimize the damage. As soon as possible, they need to isolate the affected system, determine the scope of the breach or malware infection, and notify different teams such as IT, management, and legal about the breach. They should also start collecting evidence like logs and network traffic, identifying what allowed the vulnerability, reviewing existing security policies, and educating the team. Most importantly, they need to create a plan to prevent additional breaches or enhance their plan if they already have one.
If an organization has previously experienced ransomware, what are some best practices it should implement?
KR: If an organization previously experienced ransomware, the first step is to gather lessons learned from their past experience. The team should also determine what gaps they have in their technologies and processes that led to them being hit the last time, what went well in their ransomware response plan, and what did not. Based on this analysis, they should develop a strategy and roadmap to remediate and mitigate those gaps and establish good ransomware prevention practices in the future.
CISA has a Stop Ransomware campaign that provides great resources for preventing and responding to ransomware incidents.
What can a cybersecurity professional do to become more knowledgeable about VMware technology security capabilities?
DM: They need to get familiar with VMware products and areas related to security. I suggest they enroll in VMware training, participate in VMware groups and webinars, and stay up-to-date with the latest VMware security product updates. Follow and read the VMware security blogs and VMware security assessment and hardening guides.
Do you think that wargaming is a valuable investment for cybersecurity professionals? Why or why not?
DM: Yes, it is valuable, especially for the professionals assigned to develop security strategies and implement them. Simulating and testing an organization’s security posture and capabilities in case of incidents like cyberattacks or data breaches will help the cybersecurity expert test company security readiness, identify areas to improve, and have an updated process and incident response plan.
What are some of the lessons learned you’ve observed? Can you provide an example?
DM: Regular security training for employees is super important because cybersecurity is always changing and all teams need to be aware of the latest topics. Examples would be how to recognize and what to do with phishing emails, how to manage suspicious links, and the importance of strong passwords. Another important topic is always implementing regular software updates and patching.
What emerging cybersecurity trends or technologies do you find most interesting or impactful?
KR: I am really looking forward to seeing how artificial intelligence and machine learning can continue to evolve and help organizations with their prevention and response to cybersecurity incidents. I think there is a lot of potential for these technologies to aid the Security Operations Center (SOC) analyst and cybersecurity teams in their everyday fight against bad actors by improving their visibility, detection methodologies, and ability to respond to threats.
How do you stay up-to-date with the rapidly evolving field of cybersecurity?
DM: I educate myself on the latest technologies and stay informed about emerging threats and vulnerabilities. I also collaborate and exchange security topics and projects with my colleagues. I read networking and security blogs and I even write blogs about security that force me to learn more every day.
If you were to give a reader just one helpful tip that they should implement to improve their overall cybersecurity, what is that tip?
KR: One helpful tip I would tell readers is to ensure that they harden and patch the key infrastructure components of their environment. A lot of times organizations do a good job of hardening the perimeter and endpoints and end up with a situation where they have a hard, secure exterior, but the interior is soft and easy for attackers to target. We need to take similar care of our infrastructure, especially as threat actors are increasingly targeting infrastructure components.
Meet Daniel and Kacy and learn more
You have two chances to meet Daniel and Kacy by registering for their session 2105 at VMware Explore. Want to work with one of our talented security professionals? Learn more about Professional Services for Security and contact us at [email protected].