Or listen in your favorite podcast app
For as long as Jen Miller-Osborn can remember, she’s been infatuated with puzzles. The thought-process behind mining for an isolated piece and finding its greater purpose has always been fuel for her ambition. For Jen, she connects her love of puzzling to her responsibilities as the Deputy Director of Threat Intelligence for Unit 42 at Palo Alto Networks. With the company, she is tasked with identifying, preventing and addressing some of the internet’s most dangerous attackers. On this episode of IT Visionaries, Jen details everything that goes into the job, and what her biggest security concerns are these days.
3 Key Takeaways
- The knowledge you get from data is not what keeps your networks safe. It’s the ability to understand that data and apply defenses against it.
- IT departments have evolved from managers and administrators to defense protection and cybersecurity.
- The downside to publishing threat intel is it allows attackers to adapt strategies.
For a more in-depth look at this episode, check out the article below.
Unit 42 — the research arm of the Palo Alto Networks — operates with a simple mission: to solve the world’s biggest problems. While the issues that Unit 42 combats and researches are not related to things like peace or hunger, they do serve and protect the defenseless. Jen Miller-Osborn, the Deputy Director of Threat Intelligence for Unit 42, joined IT Visionaries and talked about how her team is working to educate the public on how they can prevent cyber attacks, strategies attackers are using to combat systems, and why IT departments are continuing to evolve.
After nearly a decade with the United States Air Force and a stint with Nation Cyber Investigative Task Force, Miller-Osborn joined Palo Alto Networks Unit 42, a dedicated set of threat publishers, focused on cyber attacks.
“Our goal is to always be publishing unique, new threat intel,” Miller-Osborn said. “So we focus on things that are current and actionable. Our goal in publishing them is to not only make all of our customers aware of what the attack landscape looks like, and what’s going on currently but to let them know they’re protected.”
According to Miller-Osborn, the problem with the attack landscape is it’s a constantly evolving thread, filled with creative attackers that lurk in the shadows of consumer devices. One recent focus for Miller-Osborn and her team has not been attacks on those devices, but rather a concern with cloud software and its lack of protection.
“The one we just published — the focus of the scary things — we found about 200,000 infrastructure as a code template just totally unsecured,” she said. “And those are things that are very commonly used in the cloud environments because it makes it really easy for a DevOps team to spin an application and things in their cloud environment. The problem is there’s not a lot of security built into that initial rollout.”
So what should teams be doing to manage their cloud security? According to Miller-Osborn, companies need to make sure their software is patched and not left open to the internet. The trend is growing in concern and it’s a message that Miller-Osborn said is not getting across to security teams.
“Two things you absolutely should do is to have logging enabled, and the data should be encrypted, especially at rest,” Miller-Osborn said. “Those are best practices outside of cloud environments and they haven’t quite made the transition that needs to still happen in the cloud as well.”
One of the key strategies Unit 42 runs are Shodan scans, a search engine for finding specific devices and device types that exist online. Miller-Osborn advised that if companies have in-house IT teams, it’s a simple precaution they can take to protect themselves. However, if companies don’t employ their own IT professionals, it’s time to call service providers like Palo Alto Networks.
“A big reason why we publish our threat research is that we want it to be as broadly useful and help as many people as possible,” she said. “We’ve taken that data and how you use it in protections, that’s what we view as the secret sauce. The knowledge of it itself isn’t what will keep you safe. Understanding and then being able to apply defenses against it will.”
While Unit 42 serves to educate and empower those with the knowledge they would not receive elsewhere, Miller-Osborn stated their periodicals are not without foolproof. She even admitted that attackers often use Unit 42’s findings to discover alternative methods of attack.
“One of the downsides to publishing threat intel publicly is that it makes it easier for attackers to adapt some of those tactics, or sort of try to pretend they’re someone that they’re not,” Miller–Osborn said. “Confirmation bias is something we as researchers have to be very, very careful with.”
One of the biggest trends in cyber attacks remains crypto-jacking and crypto mining, an emerging form of malware that hides on your device and steals computing resources in order to mine for valuable online currencies such as bitcoin or monero. It’s a trend Miller-Osborn and her team have been monitoring closely.
“We’re seeing more-and-more [attackers] starting to use public source tools, which is common,” she said. “And in a lot of ways, they start adopting it because it makes it harder to differentiate between campaigns. Some of the groups that we track that trend toward custom malware and writing their own, they’re still largely focused on that, but we’re seeing more and more in some spaces where they’re getting into the free tools.”
As cyber-attacks evolve and become more in-depth and harder to identify, Miller-Osborn reminded listeners that companies can refer to Unit 42’s website for more information on tips and tricks to prevent attackers from infiltrating their networks.