Avertium: Cybersecurity has become a critical part of keeping a business running. With malicious attacks on the rise worldwide, companies are more aware of security and its importance, and they want to invest more in it. Many businesses are trying to implement more cybersecurity strategies to protect their workflows. The problem we commonly see is that the programmes they want to implement are often less effective than they could be, both from a technical point of view and from the business perspective. It is hard to find a cybersecurity partner that offers technical solutions to build into the work processes together with a business analysis of how that strategy improves the service provided.
This is where Avertium comes in. Avertium has been a security partner companies turn to for a fused cyber solution. This fusion gives its partners a broader strategy that combines technical security measures with human expertise, threat intelligence analysis and a business-first mindset. That is how Avertium manages to offer a more advanced and effective solution, which makes it one of a kind in today's market. A few days ago, 4imag had the chance to talk to Ariel Ropek, Director of Cyber Threat Intelligence, who shared valuable insights about the company and where cybersecurity is focused today.
How was Avertium created?
“Avertium is a merged combination of four other smaller security firms: Sword & Shield, Terra Verde, True Shield and 1440 Security. The four companies were brought together to form Avertium, and together they brought the best pieces of all four original companies. The original merger happened around five or six years ago. I was part of the 1440 Security addition; I joined the team nearly two years ago. Our primary focus is log monitoring, detection and response. We also utilize several endpoint detection and response platforms.
In addition to that, we provide professional services around this framework: PCI compliance, architecture and integrations like cloud migrations, and security-related consulting. So, the combination of all the original companies allowed us to have that breadth of service offering, and what we've done with that is combine them into a cyber fusion model. I think that's probably what sets us apart from the rest of the market. We've gone past just offering these individual security services like managed SIEM or endpoint detection and response, and we're really fusing those together into a more comprehensive security solution that goes beyond just the sum of its parts.”
What are the main objectives of Avertium?
“What we're trying to do, when you have multiple security services with us, is create a situation where 1 + 1 = 3, because we're combining telemetry from the EDR platforms with the SIEM platform. We're informing those services with the results from our professional services team. We'll do things like visibility studies to make sure that we have comprehensive coverage for the other security tools, and then do things like red teaming and penetration tests, and all those services inform each other to create this cyber fusion model. By fusing those together you generate value beyond what each individual service can offer.”
How is the Avertium solution implemented in a company?
“I think our ideal customer would be looking for a security partner to create a comprehensive security program with them. We're capable of supporting many different vendor tools to develop cyber fusion. So, let's say a customer brings the SIEM technology they had chosen.
They may also come to us with an EDR solution; we have preferred vendors, but there's some optionality. And then there's a consultative approach to understand the business needs and how security fits in with that, if it's something like a compliance framework the company is trying to satisfy, PCI or HIPAA. Clients would work with our compliance consultants to develop a plan and maturity lifecycle, and then, as we step through the phases of that maturity lifecycle, we implement additional services and integrate them into the existing services to create that fusion model.”
From a technical standpoint, how do you combine Avertium's solutions with a business's work processes?
“On the technology side, we have in-house tools that we've developed to receive the alerts from the various endpoint detection technologies and do additional enrichment and enhancement, like the correlation of those alerts, including things like deduplication but also higher-order logical groupings of those alerts. So, the tool presents these alerts to our analyst teams as groups of alerts. A group may include alerts from any of the different technologies we're monitoring in their environment, giving the analysts additional context. So rather than going through and evaluating single alerts in a vacuum, the analysts are presented with a contextualized group of alerts from the customer systems.
We're also enriching all of those with our threat intelligence, at the level where the analyst sees the context of the events over time within the customer environment but also sees the relevant threat actor enrichment. And suppose there are alerts related to a specific ransomware campaign or APT. In that case, they'll see that in the platform as part of their analysis. This allows them to be very consistent and efficient with their research.
Meanwhile, on the process side, during a new customer onboarding, a period of collaborative tuning occurs to tune the solution for the customer-specific environment, since every environment is unique and different. In our experience, that is similar across most companies. Still, there will be custom tuning and whitelisting of scanners in every environment. That happens during the onboarding process, and it eliminates a lot of the false positives.
Everything is done in collaboration with our customers, because we have a collaborative partnership approach to working with customers. We leverage their knowledge of their environments. But at the same time, we have seen that most of the time, customers need to understand their environment, and that's where the professional services team comes in. To do a visibility study, they will build a comprehensive inventory of all the assets within the environment and the different software tools.”
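The alert-handling pipeline described above (deduplication, whitelisting a scanner during tuning, grouping related alerts from different tools, and threat-intel enrichment) as an added example written for this page; it is not Avertium's tooling. Every alert, host name, address, the scanner allowlist and the single threat-intel entry are constructed for the example, and the grouping rules (same host within 30 minutes, or a shared indicator) and the priority rule are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DEDUP_WINDOW = timedelta(minutes=10)   # assumption: repeats inside this window collapse
GROUP_WINDOW = timedelta(minutes=30)   # assumption: same-host alerts this close are linked

# Constructed alerts from two hypothetical tools ("edr" and "siem"); 203.0.113.10 is a
# documentation address, not a real indicator.
SAMPLE_ALERTS = [
    {"id": 1, "source": "edr",  "host": "ws-042", "rule": "suspicious_powershell", "ioc": "203.0.113.10", "ts": "2023-05-01T10:00:00"},
    {"id": 2, "source": "edr",  "host": "ws-042", "rule": "suspicious_powershell", "ioc": "203.0.113.10", "ts": "2023-05-01T10:00:05"},
    {"id": 3, "source": "siem", "host": "fw-01",  "rule": "outbound_to_rare_ip",   "ioc": "203.0.113.10", "ts": "2023-05-01T10:03:00"},
    {"id": 4, "source": "siem", "host": "ws-042", "rule": "new_local_admin",       "ioc": None,           "ts": "2023-05-01T10:20:00"},
    {"id": 5, "source": "edr",  "host": "srv-09", "rule": "port_scan",             "ioc": "10.0.0.5",     "ts": "2023-05-01T14:00:00"},
    {"id": 6, "source": "siem", "host": "db-02",  "rule": "failed_logins",         "ioc": None,           "ts": "2023-05-01T18:00:00"},
]

SCANNER_ALLOWLIST = {"10.0.0.5"}  # constructed: the customer's authorised vulnerability scanner
THREAT_INTEL = {"203.0.113.10": "hypothetical ransomware campaign C2"}  # constructed intel entry


def parse(alert):
    """Copy an alert and turn its ISO timestamp into a datetime."""
    return dict(alert, ts=datetime.fromisoformat(alert["ts"]))


def dedupe(alerts):
    """Collapse repeats of the same (source, host, rule, ioc) seen within DEDUP_WINDOW,
    keeping the first and counting the rest on it."""
    kept, last_seen = [], {}
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["source"], a["host"], a["rule"], a["ioc"])
        prev = last_seen.get(key)
        if prev is not None and a["ts"] - prev["ts"] <= DEDUP_WINDOW:
            prev["count"] += 1
            continue
        a = dict(a, count=1)
        last_seen[key] = a
        kept.append(a)
    return kept


def suppress_tuned(alerts, allowlist=SCANNER_ALLOWLIST):
    """Onboarding tuning: drop alerts whose indicator is an allowlisted scanner."""
    return [a for a in alerts if a["ioc"] not in allowlist]


def group(alerts, window=GROUP_WINDOW):
    """Union-find over alerts: link two alerts if they hit the same host within
    the window, or if they share a non-empty indicator (so EDR and SIEM alerts
    about the same address land in one group)."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, a in enumerate(alerts):
        for j in range(i + 1, len(alerts)):
            b = alerts[j]
            same_host = a["host"] == b["host"] and abs(a["ts"] - b["ts"]) <= window
            shared_ioc = a["ioc"] is not None and a["ioc"] == b["ioc"]
            if same_host or shared_ioc:
                parent[find(i)] = find(j)

    buckets = defaultdict(list)
    for i, a in enumerate(alerts):
        buckets[find(i)].append(a)
    return list(buckets.values())


def enrich(grp, intel=THREAT_INTEL):
    """Summarise a group for the analyst and attach any matching intel tags."""
    sources = sorted({a["source"] for a in grp})
    tags = sorted({intel[a["ioc"]] for a in grp if a["ioc"] in intel})
    return {
        "alert_ids": sorted(a["id"] for a in grp),
        "hosts": sorted({a["host"] for a in grp}),
        "sources": sources,
        "first_seen": min(a["ts"] for a in grp).isoformat(),
        "last_seen": max(a["ts"] for a in grp).isoformat(),
        "intel": tags,
        # assumption: intel hit or corroboration from more than one tool raises priority
        "priority": "high" if tags or len(sources) > 1 else "low",
    }


def triage(raw_alerts=SAMPLE_ALERTS):
    """Full pipeline: parse -> dedupe -> suppress tuned noise -> group -> enrich."""
    alerts = suppress_tuned(dedupe(parse(a) for a in raw_alerts))
    return sorted((enrich(g) for g in group(alerts)), key=lambda c: c["first_seen"])


if __name__ == "__main__":
    for case in triage():
        print(case)
```

On the constructed input the duplicate PowerShell alert collapses onto the first one, the scanner alert is dropped by the allowlist, and the remaining EDR and SIEM alerts about ws-042 and the shared address become one high-priority group with the intel tag, leaving the failed-logins alert as its own low-priority group.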
What are some of the challenges that Avertium has faced along the way?
“There have definitely been challenges. One thing we experience sometimes happens during conversations with a new client when we're trying to onboard new security tools for them. In cases like this we need a list of all domain controllers so that we can put our enhanced monitoring in place. And they'll say something like: ‘Oh well, shouldn't you know them already?’ So, it seems to us that there is a need to do a little bit of coaching, because at the end of the day the responsibility lies with the business to understand their own risks.
If they can't come to the table and express what their risks are, we can certainly help them get to that point. That's really where something like the NIST Maturity framework comes into play, where we can categorize, based on the conversations we have with the client, where they fall in this maturity framework, and then, understanding that, we can help them get to the next level.”
What are some common vulnerabilities that companies suffer from?
“Generally, unpatched vulnerabilities are a very easy attack vector for threat actors. We see to this day that there are still unpatched on-premises Exchange servers. And they're usually not new zero-day vulnerabilities but the same old persistent vulnerabilities that are relatively difficult to patch or could cause some business disruption. The problem lies in the fact that the business doesn't take much concern about this issue. They're more concerned about keeping the business up and running, and patching comes second. But eventually, one of those vulnerabilities gets exploited, and that causes a much larger business disruption than patching that system in the first place would have.
We address that with our vulnerability management service, where we make recommendations to prioritize certain vulnerabilities over others, even if the CVSS score may be slightly lower. Basically, we're trying to provide context, because there is a lot of chaos out there, and we need more context to know these values specifically.”
What should companies do to prevent risks?
“Besides vulnerability patching, I think one of the other big things that gets overlooked a lot of the time is user awareness training. There's a tendency to focus on whatever the new high-tech security product or software of the day is. But if you look at how many of these recent and ongoing breaches occur, for example through phishing emails (which have become one of the most common attacks), in these cases it really doesn't matter how many security controls you put in place. If one of your users unlocks the door for somebody, you can keep putting locks on the door all you want, but if somebody gets tricked and opens that door, then it's not very effective.
Especially if you're investing a lot in these high-tech tools, you also need to be investing in training your user base so they're aware of the types of phishing campaigns and scams they can be targeted with. Especially people in the finance department or people with access to financial information or any other sensitive data. The most famous attack stories don't even involve computer exploits; it comes down to social engineering techniques. At the end of the day, what the attackers are doing is scamming users, tricking them into doing something they don't intend to do, which turns out to be more effective and easier than bypassing a technical barrier to entry and then exploiting the system.”