Reimagining Cybersecurity Hygiene: Outpost24
Outpost24: The 30-Second Download
“Outpost24, as a company, focuses on solving cybersecurity hygiene problems for our customers. We do this through security assessment at every layer of their technology stack,” said Bob Egner, Outpost24 CMO. They offer a full-stack cybersecurity assessment platform, with services including penetration testing, asset discovery, searching for shadow IT and more.
With global headquarters in Sweden, Outpost24 is private equity-owned, has teams on the ground in five countries, and covers customers in Europe, the Middle East, Africa, the Americas and the Asian-Pacific region. Its customers include players in security-minded segments such as finance, insurance and healthcare, as well as media, tech and retail, with approximately 2,000 customers over the lifetime of the company to date.
In recent years, Outpost24 has completed two acquisitions in cloud security assessment and wireless security assessment. Last year, it crossed a breakeven milestone and is closing in on topline revenues of €20 million.
New Environment, Emerging Threats
Reflecting on the pandemic environment, Egner pointed to remote work as a significant shift for many companies. “The pandemic created a challenge for cybersecurity teams that actually got pulled out of the normal cybersecurity functions and sort of thrust into an operational role.” Threat actors are taking advantage of the new landscape, turning to tools such as ransomware more often.
Egner also mentioned several new attack vectors emerging in the market, including the software supply chain. “For an attacker to try to inject themselves into the software update, techniques that are used by a lot of tech companies have created a wealth of new attack vectors that companies that need to protect themselves have to look at these areas that, in the past, they were just assuming they were secured by the software vendors that they were working with.”
Egner said cybersecurity risks span the tech stack, and vulnerabilities can exist in any layer. “I would say it’s all over the map… it depends on the type of attack that the threat actor is trying to exploit.”
“We've run into some of these threat actors who get burrowed into a part of the customer's IT infrastructure and can stay there for weeks, months, in some cases, multiple years, before they start exfiltrating information.”
Egner also believes the current threat landscape is being shaped by threat actors’ determination to find new ways to gain access to companies, motivated by an economic or business case. “They’ve got to think about maximizing the return they get for the least amount of effort for their attack.” This trend has given rise to malicious tools like ransomware toolkits.
As more and more software is created, Egner said, these threats will continue to evolve and create new security vulnerabilities – perpetuating the cybersecurity cycle.
“It’s a question of building the right sort of processes and technology to be able to constantly monitor and evaluate.”
Where Do Customers Need the Most Help?
Organizations have faced a number of persistent cybersecurity challenges for years. “Focusing on your cybersecurity hygiene process, focusing on having the talent and knowledge that's necessary to be able to understand your exposure, and put some control around the exposure, is really the biggest gap that we see across the industry today,” said Egner.
He also noted cybersecurity is universal, and any company in any geography or end market can be the victim of an attack. “I think when we talk to people who are in the threat intelligence space, or in this process called threat hunting, they're trying to understand the mindset of the attacker. What is their business case? Why would they attack a certain area?” He continued:
“So, the gain from the threat actor’s side gives us clues about where the attacks might come from.”
Many, if not most, departments in an organisation are interested in using technology, but when they invest in tech without the involvement of their IT department, cybersecurity can become problematic. “We actually saw a lot of the large data breaches happening over the past couple of years in 2019 and 2020 coming from exactly this scenario, unprotected buckets of data that were available on the cloud, were set up by a marketing agency without the correct security controls, and that data was stolen in a very short timeframe,” Egner shared.
Has the Legacy Stack Been Exposed?
Speaking about the security of the legacy stack, Egner said, “[It] has a benefit of… It's been deployed for a long time. And so a lot of the security exposures have been disclosed already. So that's not that there's a lot of new things coming out of old technology.
“I think the new areas that are coming into play, new applications, transition to cloud, are the things that are creating some of the new zero-day types of things.”
Many organisations are actually aware of their relevant cybersecurity issues, but they choose to accept and live with the risk. “What we find is that there are a couple of handfuls of very common security vulnerabilities that are exploited over and over again. And organizations may know about these. They may have decided not to remediate them in some way, but that's where these, ransomware for example, or any of the latest security vulnerabilities frequently end up leading, is exploitation through known vulnerabilities in the customer's environment that just get hit over and over again.”
How Outpost24 Partners with Customers
“What we do is we help the customer understand what the security landscape looks like,” said Egner. Outpost24 begins with a discovery process, running a variety of exercises to help businesses identify technology assets they use to conduct business as well as technologies in their environment that perhaps shouldn’t be there, such as shadow IT.
“That process of discovering becomes a core element of cybersecurity hygiene, something that we help them move into a continuous process where they're constantly evaluating and they get alerted based on new technology coming into their environment.”
Other key areas of focus include assessing security weaknesses, including identifying and monitoring exposure points. Outpost24 also emphasises sharing actionable advice with customers to help them prioritise cybersecurity to-dos. “Some of the customers that we work with today have a large amount of problems in their environment from an exposure standpoint, to the point that it's overwhelming for them to know which things to work on first. And that's where we brought in some machine learning approach to try to help them look for the vulnerabilities that are most likely to be attacked in the future, help them prioritize based on the areas where there's exposure to the business that could represent some sort of disruption for them.”
What’s Next for Outpost24?
Outpost24 plans to continue with its full-stack approach. “It's been successful for us so far. And we find that that's one of the things that our customer organisations need to think about a little bit more, is what are the relationships between the infrastructure, the cloud, the application, the data, and the different users that work with our technology? And how do those interactions represent weaknesses that you would not find with a typical point solution?”
In addition to an emphasis on full-stack security, Outpost24 also plans to continue building out solutions that provide more guidance and insight based on the various components customers are utilising.
Questions? Connect with the Baird team at RWBcybercoverage@rwbaird.com