Ilia Kolochenko, ImmuniWeb: "cybercriminals don’t need expensive zero-day exploits to get into large enterprises"
Thursday, February 17, 2022
Effective cybersecurity practices consist of numerous different processes that include both a dedicated IT department and advanced technology solutions. Unfortunately, it’s often difficult to identify all vulnerabilities, especially when threat actors now employ social engineering tactics to target employees instead of using sophisticated software.
Enterprises make enormous human capital and financial investments to protect their systems, yet media headlines still buzz about successful data breaches. This leaves business owners wondering what the most effective way is to combine technology and human intelligence to finally put a stop to such breaches.
So today we had a chat with Ilia Kolochenko, the CEO of ImmuniWeb, an application security company. He explained how artificial intelligence, machine learning, and intelligent automation can be used to achieve the best cybersecurity solutions for businesses.
Tell us about your journey throughout the years. How did the idea of ImmuniWeb originate?
I noticed a huge opportunity in the application security market, which was mostly in two camps: cheap but inefficient automated scanning solutions versus expensive but high-quality MSSP services.
At ImmuniWeb we found a highly efficient solution by combining Artificial Intelligence (AI) with human intelligence. Thanks to intelligent automation, we can achieve the best possible performance and quality while offering unbeatable pricing on the global market.
Can you tell us about your ImmuniWeb platform? How is AI incorporated into your services?
We use Machine Learning (ML) for acceleration and intelligent automation of numerous time-consuming and laborious tasks, including Web Application Firewall (WAF) bypass, noise-canceling, triage on Dark Web when monitoring for new data leaks, and many others.
Traditional application penetration testing, for example, is usually expensive and protracted as it requires a considerable investment of human time. At ImmuniWeb, we perform most of the testing automatically, while maintaining the same or even higher quality and reliability of security testing.
Most importantly, the speed of testing will be significantly higher, enabling seamless integration of penetration testing into a CI/CD pipeline. Only the most complicated or novel tasks that truly deserve human intelligence and creativity will be performed by our security experts to enhance and complement the award-winning AI technology.
Essentially, we offer the best value for money by providing our customers and partners with rapid, cost-efficient, and technically effective security, privacy, and compliance testing.
What security tests do you think organizations should run regularly?
It depends on an organization’s technical and legal requirements, as well as the budget and risk acceptance strategy. Some may need continuous penetration testing of hundreds of systems both in test and production environments. Others may meet regulatory requirements and achieve sufficient security levels with just a combination of regular vulnerability scanning and properly deployed WAF.
However, from a security testing viewpoint, continuous monitoring of external attack surfaces, including cloud security posture, is absolutely necessary for all organizations. A considerable part of disastrous data breaches in 2021 implicated unpatched and known security vulnerabilities exploitable from the outside.
Moreover, vulnerable external systems and applications may amplify attacks on internal infrastructure, for instance, by attackers first compromising a forgotten web application to later infect it with malware and send a “trusted” link to the financial department.
Otherwise, as a matter of best practices, ongoing vulnerability scanning and regular penetration testing are strongly recommended for all internal and external systems that process or store confidential or regulated data (e.g. personal information of health records).
Did you notice any new cyberthreats emerge as a result of the Covid-19 pandemic?
At ImmuniWeb, we have observed a surge of well-known attacks, such as phishing, amid the work-from-home and Bring Your Own Device (BYOD) regimes. The volume of shadow IT has skyrocketed, as panicking organizations hurried to move their operations online or shift their infrastructure into a cloud environment, often without adequately training their employees or implementing adequate security controls. The pandemic was a gift for attackers, thanks to this.
Today, cybercriminals don’t need sophisticated intrusion tactics or expensive zero-day exploits to get into large enterprises – almost all companies have vulnerable, unprotected, or exposed systems freely accessible from the Internet. Internal security is even worse and frequently lacks such foundational security controls as network segregation, patch management, or a centrally managed IAM system.
Eventually, once you have access to one single machine, you can effortlessly pivot to others and quickly get your hands on a business’ Crown Jewels. Worse, many attacks remain undetected or are discovered several months or even years later.
Do you often stumble upon myths about web application security? If so, what are the most common misconceptions floating around?
The risks of web application security are commonly underestimated, though the situation gradually improves. Some organizations tend to invest in hype-driven security solutions while disregarding foundational security controls and human training.
For instance, many organizations are concerned about their cloud security. However, only a few have a clear understanding that a vulnerable cloud-hosted web application or API, combined with default access policies and excessive permissions in the cloud, may lead to compromise of the entire data and backups they have stored in the cloud.
In your opinion, what are the main security problems businesses tend to have in the web application field?
Probably a lack of application inventory and unperformed risk assessments are the most serious and widespread challenges. Organizations strive to test and protect their web systems while having no methodical approach or coherent processes ensuring that nothing is missing or that vulnerabilities are remediated in a risk-based and timely manner. Consequently, the unsystematic and incomplete testing leads to data breaches, lawsuits, and multimillion fines by regulators.
Besides application security, what other safety measures do you think are essential for modern companies?
Security training is pivotal. The human factor will likely dominate the pyramid of underlying reasons for security incidents and data leaks.
Generally speaking, a properly implemented cybersecurity strategy and operations, based for example on the ISO 27001 standard, are of extreme importance. Without clearly defined roles and responsibilities, a carefully planned cybersecurity roadmap, consistent processes, and continuously improved procedures, no security vendors or solutions will ever help post-attack. Ad hoc investments into isolated security controls or spontaneous security scans will rather harm by creating a false sense of security.
And for casual Internet users, what security tools do you consider to be must-haves nowadays?
Keep your computers, mobile devices, and installed applications up-to-date, as well as make sure you don’t have unnecessary or unused software. Also, enable Two-factor Authentication (2FA), encrypt your data wherever possible, and only use strong and unique passwords. Finally, you should always be aware of suspicious emails and messages and make sure to install an antivirus to increase the protection of your device.
Tell us, what’s next for ImmuniWeb?
After record growth in 2021, including the launch of new products and services, we plan a further expansion of our business to new territories and markets. We currently serve hundreds of enterprise customers in over 50 countries in a continuous manner, and we plan to double this number by 2023.
Our free Community Edition solution processes over 100,000 daily scans today, and we also aim to increase its audience twice. New partnerships with national CERTs and law enforcement agencies are going to be announced in addition to strategic technology and business alliances in 2022.
But most importantly, new features and functionalities in the existing products will be regularly introduced during the entire year and those will be available to our existing customers and partners at no additional cost. Also, we encourage you to join our growing team – we are hiring!