Analyst Burnout Is an Advanced Persistent Threat

On Dark Reading, Andesite’s Chief Product Officer William MacMillan writes that for too long cybersecurity analysts have been treated as mere cogs in a machine, and that it is time to change that and revolutionize security operations.

“In the battle against cyber threats, we’re losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn’t just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure.

“Security operations centers (SOCs), the heart of cybersecurity, have become pressure cookers of burnout and frustration. The numbers tell a dire story: More than half of SOC analysts have considered leaving the field, and with them goes the institutional knowledge and expertise that take years to develop. Each departure is a victory for malicious actors, who know that even the most sophisticated tools are only as effective as the humans behind them.

A Framework for Human-AI Partnership in the SOC

Andesite’s Chief Product Officer William MacMillan argues on SC Media that attempts to automate the Security Operations Center (SOC) have so far failed.

Almost 20 years since the rise of the SIEM, and 10 years after SOAR platforms first hit the market, SOCs are still struggling. Analysts are drowning in an “everywhere data” environment, straining to interpret, prioritize, and respond to a seemingly never-ending stream of indicators as close to the speed of the threat as possible. Many companies run more than 100 different security tools, forcing analysts to bounce between screens and portals, each with its own query language, while trying to piece together a cohesive investigative narrative. SOC leaders face mounting pressure to deliver on metrics and prove ROI on growing security budgets.

The Importance of Team Culture in Startups, with Andesite’s CEO and co-founder Brian Carbaugh

In this conversation, Brian Carbaugh, CEO and co-founder of Andesite, shares his unique journey from the CIA (and before that the Marines!) to the world of cybersecurity. He discusses the challenges and rewards of being a founder, the importance of setting a positive tone for the team, and the necessity of resilience in a startup environment. Brian emphasizes the value of building a supportive team culture, the multi-hat lifestyle of a startup CEO, and the critical role of sales and marketing in a competitive cybersecurity landscape. He reflects on why he chose cybersecurity and the excitement of being a founder, highlighting the opportunity to create a lasting legacy.

On CISO Perspectives, Andesite’s CPO William MacMillan discusses the state of security automation

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties of his podcast, CISO Perspectives, to William MacMillan, Chief Product Officer at Andesite, to discuss the cybersecurity first principle of automation: its current state, and what happens now that AI is being applied to SOC operations.

The Art of Intelligence

Former CIA Officers Brian Carbaugh (Andesite’s CEO and co-founder), Dawn Meyerriecks, and Michael Morell partner with MasterClass to teach declassified techniques on how to assess risk, strengthen relationships, and get ahead in life and business. Skills so good, they’ve been kept secret, until now.

What you’re about to read is not for civilians’ eyes. Until now. MasterClass has attained access to three of the CIA’s top former officers, who have been given authorization to share their real-life experiences and the valuable lessons they learned about leadership, critical thinking, and risk management. There’s a reason the CIA keeps its techniques a secret. You’re about to find out why.

Microsoft-CrowdStrike’s Outage Heralds ‘Increased Vulnerabilities’ Period

A massive outage disrupted systems around the world, grounding flights and affecting health care, transport and logistics, banking services, and critical infrastructure.

The issue hit computers running the Microsoft Windows operating system together with CrowdStrike software.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company said in a release.

“We’re working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update,” Microsoft said in a blog post authored by David Weston, vice president, Enterprise and OS Security.

The outage was limited to computers running Microsoft’s operating system.

Machines running macOS and Linux were not affected, according to CrowdStrike.

How the CrowdStrike outage carved out new opportunities for hackers

On Nextgov/FCW, former U.S. officials and security practitioners ask how a defective CrowdStrike content update for Windows systems fell through the cracks and created cascading security risks.

CrowdStrike will likely survive and move forward, but, reputationally, it can’t afford another incident like this, said William MacMillan, a former CISO at the CIA.

“The update was supposed to be seamless to users,” said MacMillan, now chief product officer at cybersecurity firm Andesite. “Endpoint detection and response has been game changing, but because of where [Falcon] is positioned on the endpoints, if a patch does go wrong … that can have very significant consequences, as we’re seeing across the globe.”

VentureBeat: CrowdStrike’s IT outage makes it clear why cyber resilience matters

A defective content update released by CrowdStrike late on Thursday, July 18, 2024 (U.S. time) inadvertently triggered worldwide outages across Microsoft Windows systems, taking many of the world’s most essential services offline.

CrowdStrike was updating content that its Falcon sensor uses for real-time threat detection and endpoint protection: the sensor monitors system activity for suspicious behavior in order to prevent cyberattacks. Such a content update carries logic that fine-tunes the detection of malicious activity and is based on the latest threat intelligence CrowdStrike collects on a continuous basis.

Start-Ups: 10 Tips for Navigating the Headwinds Against High-Growth

If the last two years have taught our industry anything, it’s that it is time to retire the “cybersecurity is recession-proof” colloquialism. Not only have vendors seen cuts and challenges that they did not face even in the 2000 and 2008 downturns, but internal security teams and budgets have also been reduced, leaving defenders with fewer resources against adversaries.

Yet, if you’re at the helm of a startup that is trying to grow in the face of all this, especially knowing that you can help defenders scale their scarce resources, you need to cut through the economic headwinds and achieve your goals. I wish I were a soothsayer and could give you fail-proof advice. But what I can give you are 10 suggestions based on what I’ve learned through the good, the not-so-good, and the fair-to-middling, and hope they help you hone your strategy.

Endpoint Security and Network Monitoring News for the Week of April 12; Andesite AI, Hexnode, DoControl, and More

Andesite AI, a McLean, VA-based company dedicated to delivering technology to overburdened cybersecurity teams, emerged from stealth with $15.25m in initial funding. Co-developed by Red Cell Partners and General Catalyst and led by CEO Brian Carbaugh, Andesite has built an AI security analytics platform intended to “empower both private- and public-sector cyber analysts to defend against advanced persistent threats (APTs).”

By leveraging artificial intelligence (AI), the solution analyzes decentralized data sets at scale to help cyber defenders and analysts more quickly surface threats and vulnerabilities, prioritize and allocate resources, and respond and remediate in a way that improves security posture and reduces cost. Andesite is the latest company to launch under Red Cell’s newly formed Cyber Practice, led by George Barnes, a former Deputy Director of the National Security Agency (NSA).