WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 11, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
If you liked Marvel’s SpiderMan then you will recognize the special Spidey-sense skill that Peter Parker possessed. The skill refers to “a vague but strong sense of something being wrong, dangerous, suspicious, a security situation.” It’s a type of personal situational awareness that helps him to avoid disaster. That does sound useful!
As a defender of networks, I’ve always been impressed by stories where someone spotted something that didn’t quite look right and followed their suspicion, investigating it further eventually leading to a reveal of something much more serious. A classic example is given in a true story by Clifford Stoll, “The Cuckoo’s egg”, where a 1970’s computer engineer investigates an accounting glitch that eventually unearths a major international espionage campaign on a university’s computer system.
It seems that our ability as a human being to be suspicious, or “feel” that something is wrong has been an invaluable tool since we were being chased around rainforests by predators. In information security we think of the network engineer as being the most important person to employ this skill. To follow a hunch leading to the ultimate discovery of a major security issue.
In real historical terms the computer networks in the workplace are a relatively new invention. But in the 50 or so years that they have been part of our lives, we’re now at a stage where most of the workforce is computer literate by default.
The vast majority of our workforce has at one time had a Hotmail, Gmail or similar Internet e-mail account and have received untold quantities of spam e-mail promising us untold riches from dissident ambassadors or tax refunds that never quite are. Add to this our workforce of millennials, we have a digitally sophisticated group of netizens who grew up pranking each other on Facebook and on their phones. The simple fact is our modern workforce has Spidey-sense in spades.
As little as ten years ago the perceived wisdom to deal with phishing, or user error, was to suggest writing a wordy policy document or enacting disciplinary procedures to be targeted at our “stupid users” who click on the wrong link or open the wrong document.
But in truth, a lot of the types of social engineering campaigns that we now fear are easily spotted by our millennial work force. They are attuned to spotting something “a bit phishy”. Taking phishing as an example, most spam testing companies will tell you a typical click rate on a phishing e-mail campaign is on average 20-30%. Turning that on its head – that’s 70-80% of people who are not clicking and either ignoring the e-mail or noticing that something is up. What a fantastic opportunity – that’s 70-80% of our workforce that could tell us something is worthy of more attention. That’s just for phishing – what would be interesting to measure this for employees spotting unapproved equipment or unusual application behavior.
This is *exactly* the kind of input that you need in incident management. If I have 1000 people working in my organization, how do I harness the 700-800 folks who might spot something that is going wrong?
As ever, culture sits at the center. Ask any management team and they’ll tell you that creating culture is non-trivial and depends on what went before it, but the basis of it is founded on positive engagement and trust. The most important aspect of this is creating a culture where an employee feels, most critically *trusts*, that the act of coming forward with a security incident will be assessed in a positive manner – even if they made a mistake or weren’t optimal in their response. Some organizations might even consider implementing a reward structure (though a set of clearly defined rules is important to avoid abuse). This exists today for the external reporting of incidents in the form of bug bounty programs why not for reporting incidents?
It’s not just what you promise, it’s the actions to back it up. Try rewarding the next person who reports a security incident with a $5 amazon voucher. You’ll probably discover that word-of-mouth does some of the hard work for you. The question of how to structure and roll out such a program is worthy of a much longer article and this one. But if you start changing the culture and use positive re-enforcement – that has to be a good start. Ultimately, staff must feel that they are the genuinely important part of the security apparatus of a company. The fact is that they are, be it physical, electronic or otherwise.
Amongst the best detectors in the business are our people. If we can help them to give us a sense of situational awareness, we can detect waves of campaigns as they arrive, spot the targeted attempts, adjust our defenses and warn others to improve our effectiveness at repelling attacks, frauds or increase our chances of spotting a link in the chain of a highly targeted campaign. Spidey-sense is alive and well in all of us, and it presents a great opportunity to organizations to harness it in order to help them detect early stages of attacks, or security problems. Harnessing this skill is an essential part of creating the cyber situational awareness that enables secure, self-aware companies.