7MS #402: Interview with Matt Duench of Arctic Wolf
Today I'm joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product marketing for their managed risk solution.
Matt chatted with me over Skype about a wide variety of security topics, including:
- Corporate conversations around security have changed drastically in a short time - specifically, security is generally no longer perceived as a cost center. So why are so many organizations basically still in security diapers as far as their maturity goes?
- Why is it still so hard to find "bad stuff" on the network?
- What are some common security mistakes you wish you could wave a magic wand and fix for all companies?
- The beauty of the CIS Top 20 and how following even the top 5 controls can stop 85% of attacks.
- Low-hanging hacker fruit that all organizations should consider addressing, such as:
  - Disabling IPv6
  - Using a password manager
  - Turning on multi-factor authentication
  - Don't write down your passwords!
  - Have a mail transport rule that marks external mail as "EXTERNAL" so it jumps out to people
  - Consider an additional rule to stop display name spoofing (h/t to Rob on Slack!)
- Why you should be concerned about corporate account takeover, and how to better protect yourself and your company against this attack vector
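As an added example (not from the episode and not Arctic Wolf's material), here is how the two mail rules in the list above look in Exchange Online PowerShell: one that prepends "[EXTERNAL]" to the subject of inbound mail from outside the tenant, and one that flags external mail whose From: display name matches an employee. It assumes the ExchangeOnlineManagement module, an account with rights to manage transport rules, and that your employees' display names are what Get-Mailbox returns; the rule names and warning text are illustrative.

```powershell
# Added example: Exchange Online transport rules for the "EXTERNAL" tag and
# display-name spoofing discussed in the show notes. Not from the podcast or
# Arctic Wolf. Requires the ExchangeOnlineManagement module.
Connect-ExchangeOnline

# Rule 1: tag mail that originates outside the organization.
# The exception keeps replies from piling up "[EXTERNAL] [EXTERNAL] ..." in the subject.
New-TransportRule -Name "Tag external mail" `
    -FromScope NotInOrganization `
    -SentToScope InOrganization `
    -ExceptIfSubjectContainsWords "[EXTERNAL]" `
    -PrependSubject "[EXTERNAL] " `
    -Mode Enforce `
    -Comments "Prepends [EXTERNAL] to the subject of inbound mail from outside the organization."

# Rule 2: warn on external mail whose From: header carries an employee's display name.
# Display names come from the directory (assumption: user mailboxes = employees).
$displayNames = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Select-Object -ExpandProperty DisplayName |
    Sort-Object -Unique

# HeaderMatchesPatterns are regular expressions, so escape names like "O'Brien (IT)".
$patterns = $displayNames | ForEach-Object { [regex]::Escape($_) }

New-TransportRule -Name "Flag display name spoofing" `
    -FromScope NotInOrganization `
    -HeaderMatchesMessageHeader "From" `
    -HeaderMatchesPatterns $patterns `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText "<p style='color:red;font-weight:bold'>CAUTION: This message came from outside the organization but uses the display name of an employee. Check the sender's actual address before acting on it.</p>" `
    -ApplyHtmlDisclaimerFallbackAction Wrap `
    -Mode Audit `
    -Comments "Runs in Audit mode first; switch to Enforce after reviewing hits in message trace."

# Check: confirm both rules exist, their state, mode and evaluation order.
Get-TransportRule | Format-Table Name, State, Mode, Priority
```

The spoofing rule starts in Audit mode on purpose: staff who mail the office from a personal account will trip it, so review the matches in message trace and add exceptions before switching it to Enforce. Each transport rule has a size limit on its conditions, so a large directory may need to be split across several rules or narrowed to the names most likely to be impersonated (executives, finance, IT).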
I also asked Matt a slew of questions that many of you submitted via Slack:
- Do you (Arctic Wolf) have an option to integrate with various firewall/IPS vendors to automatically block confirmed attacks?
- Can you detect IT-only or also OT/ICS attacks?
- How quickly can you detect newly released vulnerabilities in IT systems?
- Can you detect if someone has breached a particular website/service?
- Can you detect if a user opened a phishing mail?
- Is Arctic Wolf staffed 24/7/365?
- How is the setup done for Arctic Wolf? Do you have a machine in the client's network, and those machines send data to a central location?
- Does Arctic Wolf use endpoint detection, or do they have network devices deployed as well (perhaps to pick things up on devices that can't run their agent)?