Get to Know Secuvant’s Director of Security Operations, Eric Peterson

Oct 16, 2019


Tell us about your journey in the cybersecurity industry.

Eric Peterson (from Secuvant)

My initial interest in cybersecurity came in 1995 after browsing to a webpage and receiving a popup about not having a personal firewall. I was then presented with a file explorer view of my C: drive. I made a decision at that moment that I needed to ‘figure things out’. In 2009, I made the decision to pursue IT Security full time. I went back to school, obtained a B.S. and M.S. in IT Security and many industry-standard certifications. I worked in a variety of security positions (some at the same time) including IT Help Desk, Tech Support, Tech Support Management, Escalation & Account Management, Service Delivery, System Administration, IT Administration, Security Analysis, Security Engineering, SOC Management, and finally, my current role as Director of SecOps at Secuvant.

What aspects of cybersecurity are you passionate about?

My focus and passion right now are on building a great security team along with our SOC-as-a-Service offering. Other interests include:

  1. Researching and learning about new attack and threat vectors, remaining current in the latest exploits, cyber-attacks, breaches, CVEs, and trends;
  2. Protecting our current customers (assets, IP, people, and their customers);
  3. Staff and program development, training, and documentation of all we do.

In what ways has the threat landscape evolved and where do you think cybersecurity is headed?

Positively, there are more shared information sources for threat intelligence and frameworks becoming ‘the standard’, such as MITRE ATT&CK™. On the negative side, the targeting of ‘brands’ by bad actors is increasing, and Nation-State attacks and their associated hacking groups’ activities are very concerning. Median dwell time is decreasing (approximately 70 days), but APTs (Advanced Persistent Threats) are on the uptick.

Additionally, fileless malware continues to evolve, such as Nodersok, and many companies don’t have the tools or visibility needed to detect it. The re-emergence of older malware (ver. 2.0) like GandCrab or the Mirai botnet provides a glimpse of where cybersecurity is going. Enterprises continue to fall behind, such as in the application of the very first two CIS controls: 1) Inventory and control of hardware assets and 2) Inventory and control of software assets. Bad actors continue to find the legacy applications and deprecated servers you’ve forgotten about and are exploiting them.

What are some of the top cybersecurity risks that face businesses today?

  • The evolution, development, and delivery of ransomware or weaponized malware such as Emotet, Trickbot, Ryuk, and Qbot/Qakbot continue to keep me and other cybersecurity professionals up at night.
  • Striking an effective balance between preventative security solutions or tools, and log and event monitoring, such as our MDR services.
  • Finding and retaining top Cybersecurity talent and building training and career path programs around them.
  • Financial budgets requested by IT and Security Teams for security solutions and projects (falling under cost centers, not profit centers) continue to be a struggle. What is an acceptable risk?
  • The land grab (small companies and cyber products being acquired by large companies).
  • The market deluge and over-saturation of security solutions (SIEM, SOAR, ML, AI, etc.), buzzword bingo, and the spread of FUD (fear, uncertainty, doubt). Security professionals know there is no silver bullet.

Can you discuss the importance of cybersecurity monitoring services for organizations?

Secuvant’s SOC-as-a-Service (SOCaaS) improves a company’s security posture by providing increased (in some cases, full) visibility into their environment and a team of seasoned Security Analysts and Engineers who provide actionable alerts and intelligence. By outsourcing your SOC needs, you fill gaps currently present in your IT or security team (not their day job, lack of experience in threat hunting, etc.). With monitoring services, you also become more agile and effective in your response to alerts received and anomalies throughout the environment. You also gain peace of mind in knowing you have eyes on glass and tools monitoring your environment 24×7.

How can SOC-as-a-Service help protect sensitive data?

Sensitive data can exist anywhere. With MDR services such as Secuvant’s, we ensure that critical devices are monitored such as Domain Controllers, Email Servers, File Servers, Web and Application Servers, and Firewalls. We monitor various system logs such as:

  • System activity logs and authentication logs;
  • Networking logs such as HTTP proxy logs, DNS, DHCP and FTP logs;
  • AV/Malware protection or EDR logs;
  • NIDS/NIPS logs and real-time traffic.

FIM and DLP can also protect sensitive data, but your enterprise must know where your sensitive data resides. You can’t protect sensitive data without having identified and classified it first. A SOCaaS can see, for example, when data is not encrypted (clear text) and is shared over untrusted networks.

Are there any cybersecurity or risk management tips you can provide business leaders during National Cyber Security Awareness Month?

Make cybersecurity a critical focus within your enterprise. Build a great team and provide direction and leadership. Ensure you understand the ramifications of having undersized or under-resourced security teams. Skimping on security can be seen in system maintenance and patching (vulnerability management, out-of-date firmware on firewalls and network devices), working with your users (security awareness, phishing exercises), Incident Response, or financially, in whether to approve the budget for requested security tools such as EDR or a secure email gateway.

If you’d like more information about our cybersecurity risk management program or our SOC-as-a-Service solution, please contact Secuvant at contactus@secuvant.com or 855-732-8826. We enjoy cybersecurity discussions!