Threat Management in a Changed World: Adarma
Adarma: The 20-Second Download
“Adarma is the UK’s largest independent cybersecurity services organisation focused exclusively on threat management,” said John Maynard, the company’s CEO. The business is “focused on helping organisations detect and respond to cyber threats. Based on the adversarial landscape from a cybersecurity perspective, we help organisations build cyber-resiliency through best-in-class security, consulting, security engineering and managed detection and response services.”
Formed and run by experienced, senior security leaders, Adarma is headquartered in Edinburgh and works with clients from all industry sectors, with a particular focus on the FTSE 350.
An Exponentially Increased Threat Surface
“The threat landscape increases in variation and velocity and in terms of the orchestration and the organisation of the adversarial landscape,” said Maynard, from advanced and nation-state level threats, organised crime, down to lower levels of the landscape.
“A number of things have come together to drive, frankly, an exponential increase in the threat surface for organisations we work with today.”
Maynard said political tensions, geopolitical events like Brexit and the COVID-19 pandemic have contributed to a growing threat landscape. The rapid rise of remote work not only accelerated digitisation, but also drove a rapid expansion in the attack surface for companies. “From a defensive perspective, organisations are scrambling to find out what security means in that new normal.”
A number of specific threats have emerged in the current environment. Maynard pointed to evolutions in malware techniques as a particular concern, as well as the exponential growth of ransomware.
“You can buy online, on the dark web, on the deep web for very, very small amounts of money a ransomware kit, and launch ransomware attacks with very high return on investment from an adversarial perspective.”
Maynard also spoke about the growing trend of the weaponisation of legacy technology. “When you think about how we’re defending as organisations, the tools that we use to defend ourselves can equally be used by the adversary, the attacker, to launch malware.” Cobalt Strike, a defender tool used by organisations to pen test and evaluate their environments from a breach defense perspective, is now being used on the adversary side to launch cyber-attacks.
Addressing Gaps in the Stack
Security has always been very technology-driven, which may contribute to some of the cybersecurity issues companies face today, said Maynard. The fragmentation of deployed technologies in an organisation can create significant cyber defense challenges:
“That fragmentation can lead to a patchwork of security technologies, of tools that don’t necessarily talk to each other.”
Maynard also highlighted the shortage of security-oriented talent: “The biggest gap we see in organisations today is having the skills and the capabilities to optimise, to integrate and to run these technologies that have been purchased, and then to drive effective integration between these tools and driving an efficient security operations process.”
Remote Work Redefined Security Needs
For the cybersecurity world, the initial impact of the pandemic and its acceleration of digitisation was the need to secure the remote worker. Initially, remote connectivity was a primary concern while security was often secondary. Speaking of the impact of these rapid shifts, Maynard said:
“How do you think about security in that new paradigm? You’ve got to drive security closer to the user.”
For solutions development, the pandemic drove security closer to the point of both the user and the workload. “So, specifically at their software development life cycle, at the CI/CD development chain within the DevOps process, to make sure that security is built in as part of that process, and that we have the right checks and balances given the speed at which these are then put into production in the cloud environments,” said Maynard.
The Rise of Machine Learning and AI
Maynard said attackers and defenders alike are finding utility in machine learning and AI. Adarma uses security orchestration and automation technologies within its operation center to drive efficiencies and allow its people to focus on where they can add the most value.
“The more we build artificial intelligence, machine learning, next generation technologies into our own defensive capability, the adversary is also using the same tools.”
He continued, “We're in an arms race. What we use on the defensive side, we've got to be prepared that it's going to be used on the attacker side to go after us.”
As for the question of whether these technologies could replace human talent, Maynard said, “We believe AI, machine learning, automation [are] only part of the puzzle. It's not the rise of the robots, it's not going to extinguish the need for people. It is a solution to the problem of the skills gap.”
What's Next for Adarma?
Adarma has expertise in highly regulated, data-centric organisations and is applying its experience in complex environments like FSI and retail to other sectors in the UK, including manufacturing, pharmaceuticals, industrials and the public sector. The company is looking to internationalise as it scales, particularly as many of its clients have global operations. Maynard also believes there is significant scope for Adarma to expand its proposition from a detection and response perspective.
Questions? Connect with the Baird team at RWBcybercoverage@rwbaird.com