Thursday, May 7, 2026 · streamed.news
Technology

Vendor Transparency in CVEs Crucial for 'Secure by Design' Claims

Original source: Helen Yu
This article is an editorial summary and interpretation of that content. The ideas belong to the original authors; the selection and writing are by Streamed.News.


This video from Helen Yu covered a lot of ground. Six segments stood out as worth your time. Everything below links directly to the timestamp in the original video.

Wondering how to tell if a software vendor genuinely prioritizes security or just talks a good game? This expert insight reveals the often-overlooked metric that separates true commitment from marketing hype.


Vendor Transparency in CVEs Crucial for 'Secure by Design' Claims

Procurement and security teams must demand concrete evidence when evaluating a vendor's commitment to "secure by design," according to cybersecurity expert Mike Reamer. Beyond standard certifications like SOC 2 Type 2 or ISO, a vendor's transparency in publishing Common Vulnerabilities and Exposures (CVEs) serves as a critical indicator. Reamer emphasizes that a high volume of disclosed CVEs signals a genuine dedication to proactively identifying and remediating software flaws, reflecting an honest and mature approach to security, given that all human-developed software inherently contains vulnerabilities.

This approach challenges the simplistic notion that fewer disclosed vulnerabilities automatically equate to more secure software. Instead, Reamer asserts that a vendor's willingness to reveal and address issues demonstrates a proactive and dedicated security posture, vital for preventing hidden vulnerabilities from escalating into major breaches. This level of transparency is indispensable for organizations seeking to integrate truly secure solutions and effectively manage supply chain risk in today's complex threat landscape.
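A way to turn the "do they publish CVEs on a regular basis?" question into a repeatable due-diligence check, as an added example that is not part of the video or of Streamed.News' summary. The advisory records, the vendor names and the CVE identifiers below are constructed placeholders, and the 180-day silence threshold is an assumption; a real review would load the vendor's published security advisories or an NVD export into the same shape.

```python
"""Summarise a vendor's CVE disclosure cadence from its advisory history.

Added example, not from the video. Records, vendor names, CVE ids and the
silence threshold are constructed/assumed for illustration only.
"""
from datetime import date
from statistics import median

# Constructed advisory records: (vendor, CVE id placeholder, published, fixed_in)
# The CVE ids are placeholders, not real identifiers.
ADVISORIES = [
    ("vendor-a", "CVE-XXXX-0001", date(2025, 1, 14), "4.2.1"),
    ("vendor-a", "CVE-XXXX-0002", date(2025, 3, 3), "4.2.3"),
    ("vendor-a", "CVE-XXXX-0003", date(2025, 5, 20), "4.3.0"),
    ("vendor-a", "CVE-XXXX-0004", date(2025, 8, 11), "4.3.2"),
    ("vendor-a", "CVE-XXXX-0005", date(2025, 10, 7), None),   # disclosed, fix still pending
    ("vendor-a", "CVE-XXXX-0006", date(2025, 12, 16), "4.4.0"),
    ("vendor-b", "CVE-XXXX-0101", date(2023, 6, 1), "1.0.9"),  # nothing published since
]


def cadence(vendor, advisories, window_start, window_end):
    """Describe how regularly one vendor disclosed CVEs inside a date window."""
    in_window = [a for a in advisories
                 if a[0] == vendor and window_start <= a[2] <= window_end]
    dates = sorted(a[2] for a in in_window)
    fixed = sum(1 for a in in_window if a[3] is not None)
    # Gaps between consecutive disclosures
    gaps = [(later - earlier).days for earlier, later in zip(dates, dates[1:])]
    # Silence before the first and after the last disclosure counts as a gap too;
    # with no disclosures at all the whole window is one silent stretch
    if dates:
        edge_gaps = [(dates[0] - window_start).days, (window_end - dates[-1]).days]
    else:
        edge_gaps = [(window_end - window_start).days]
    return {
        "count": len(dates),
        "median_gap_days": median(gaps) if gaps else None,
        "longest_silence_days": max(gaps + edge_gaps),
        "fix_ratio": (fixed / len(dates)) if dates else 0.0,
    }


def assess(summary, max_silence_days=180):
    """Translate the summary into the question a reviewer should ask next."""
    if summary["count"] == 0:
        return "no disclosures in window: ask the vendor why"
    if summary["longest_silence_days"] > max_silence_days:
        return "irregular: long silent stretches, ask what was fixed meanwhile"
    return "regular disclosure cadence"


if __name__ == "__main__":
    start, end = date(2025, 1, 1), date(2025, 12, 31)
    for vendor in ("vendor-a", "vendor-b"):
        summary = cadence(vendor, ADVISORIES, start, end)
        print(vendor, summary, "->", assess(summary))
```

A vendor with zero disclosures in a year is not thereby "more secure"; in this check it is simply an unanswered question, which matches the point Reamer makes about every shipped version carrying some vulnerability.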

"If they claim to be secure by design, take a look at the transparency on CVEs. Do they have published CVEs? Are they on a normal basis or regular basis announcing CVEs? Because I can guarantee you every software version of everybody's product out there has a vulnerability in it."

▶ Watch this segment — 18:35


AI Accelerates Cyber Threats, Demanding Proactive Monitoring and Least Privilege Access

Artificial intelligence is fundamentally reshaping the cybersecurity threat landscape, accelerating adversary behaviors significantly over the past 12 to 18 months, according to cybersecurity expert Mike Reamer. Threat actors now leverage AI for sophisticated attacks, including deepfakes to deceive individuals for network access and creating highly customized phishing campaigns by collecting personal data to target victims with unprecedented precision. This rapid evolution, characterized by accelerated threat actor behavior, necessitates a departure from traditional security paradigms.

In response to these AI-driven threats, organizations must shift towards aggressive proactive monitoring, thoroughly reviewing all communication protocols, and rigorously implementing least privilege access. This involves locking down network communications to only authorized protocols and continuously scrutinizing traffic for anomalies, such as unexpected remote desktop protocol (RDP) sessions. The increased speed and sophistication of AI-powered attacks mean that static, perimeter-based defenses are insufficient, demanding dynamic, continuous vigilance to detect and neutralize threats.
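The "only authorised protocols" rule and the "unexpected RDP session" check described above, as an added example that is not part of the video or of the summary. The log line format, the allowlist of source networks per port and the sample log lines are all constructed assumptions; the point is that once least privilege is written down as an allowlist, every allowed connection that falls outside it becomes a finding rather than background noise.

```python
"""Flag allowed connections that violate a per-port source allowlist,
over constructed connection-log lines.

Added example, not from the video. Log format, allowlist, hosts and
sample lines are assumptions chosen for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed log format:
# "<ts> src=<ip> dst=<ip> dport=<port> proto=<tcp|udp> action=<allow|deny>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)

# Least-privilege policy (assumed): each service port may only be reached
# from the listed source networks. Ports absent from the table are not
# authorised at all.
ALLOWED_SOURCES = {
    3389: [ipaddress.ip_network("10.0.50.0/24")],  # RDP only from the jump-host subnet
    22: [ipaddress.ip_network("10.0.50.0/24")],    # SSH likewise
    443: [ipaddress.ip_network("0.0.0.0/0")],      # HTTPS from anywhere
}
PORT_NAMES = {3389: "RDP", 22: "SSH", 443: "HTTPS"}


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    port: int
    reason: str


def parse_line(line):
    """Return the parsed fields, or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def evaluate(record):
    """Return a Finding if an allowed connection violates the policy, else None."""
    if record["action"] != "allow":
        return None  # already blocked at the perimeter; nothing reached the host
    port = record["dport"]
    src = ipaddress.ip_address(record["src"])
    if port not in ALLOWED_SOURCES:
        return Finding(record["ts"], record["src"], record["dst"], port,
                       f"port {port} is not an authorised protocol")
    if not any(src in net for net in ALLOWED_SOURCES[port]):
        name = PORT_NAMES.get(port, str(port))
        return Finding(record["ts"], record["src"], record["dst"], port,
                       f"{name} session from outside the approved source range")
    return None


def scan(lines):
    """Run every parseable line through the policy and collect the findings."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        finding = evaluate(rec)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2026-05-07T09:00:01Z src=10.0.50.12 dst=10.0.10.5 dport=3389 proto=tcp action=allow",
    "2026-05-07T09:02:14Z src=10.0.20.77 dst=10.0.10.5 dport=3389 proto=tcp action=allow",
    "2026-05-07T09:03:30Z src=198.51.100.9 dst=10.0.10.8 dport=443 proto=tcp action=allow",
    "2026-05-07T09:04:02Z src=10.0.20.77 dst=10.0.10.9 dport=5900 proto=tcp action=allow",
    "2026-05-07T09:05:45Z src=203.0.113.4 dst=10.0.10.5 dport=3389 proto=tcp action=deny",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.port} {f.reason}")
```

Only the second and fourth sample lines produce findings: an RDP session from a workstation subnet that is not the jump-host range, and a connection on a port the policy never authorised. The denied attempt on the fifth line is left to the perimeter log, since the check is about what was let through.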

"Really what we're seeing is the age of threat actor behavior being accelerated by the use of AI. And that has greatly changed in the last 12 to 16, 18 months."

▶ Watch this segment — 4:29


AI Speeds Cyberattacks to 90 Seconds After Patch Release

Threat actors are leveraging artificial intelligence to rapidly reverse engineer software patches and exploit newly exposed vulnerabilities, with attacks now occurring in as little as 90 seconds after a security fix is published, according to cybersecurity expert Mike Reamer. This startling acceleration, validated by an Azure honeypot network, drastically shortens the window for organizations to apply updates. Attackers use AI to compare new patches with previous versions, quickly identify the underlying security weaknesses, and weaponize those insights into exploits far faster than traditional human-led efforts.

This unprecedented speed renders traditional monthly patching cycles obsolete and makes perimeter-based security defenses largely ineffective. As adversaries increasingly hide malicious payloads within legitimate data streams, conventional firewalls and intrusion detection systems struggle to identify threats. This necessitates a fundamental shift for security leaders towards new, real-time detection methods and patching strategies to combat the hyper-accelerated exploitation window created by AI, moving beyond static defenses to proactive, continuous security monitoring.

"Threat actors starting to attack it within 90 seconds of being published. So what we see is threat actors becoming extremely aggressive and we see them utilizing AI in a way to help speed up the process."

▶ Watch this segment — 0:50


Security Leaders Urged to Prioritize Kernel Security and Vendor Transparency in Network Access Solutions

When selecting network access solutions, security leaders should critically evaluate how vendors respond to and rebuild after attacks, emphasizes cybersecurity expert Mike Reamer. Given that edge devices frequently face aggressive assaults from nation-states, a vendor's transparency regarding breaches is paramount, as hiding vulnerabilities can inadvertently expose other organizations. Beyond transparency, vendors must demonstrate a commitment to reconstructing solutions from the ground up using modern technology stacks and implementing robust, deep-level security measures.

Reamer specifically highlights the use of technologies like SELinux profiling to create stringent security profiles, locking down operating systems and applications, and restricting inter-process communication. This "kernel security" approach thwarts threat actors from seizing control of processes or moving laterally within a system. Such an architecture makes any unauthorized activity highly "noisy," triggering alerts and enabling defense mechanisms. Leaders should look beyond features, probing into how software is developed and architected to ensure solutions meet contemporary security demands.

"When we got attacked, our reaction to it was to be transparent about everything... and then getting in and digging in, rolling up the sleeves and making sure that we reconstructed from the bottom up a solution."

▶ Watch this segment — 21:48


Vendors Must Prioritize Kernel Security and eBPF Plans Now, Expert Warns

Organizations should be "absolutely concerned" if their current technology vendors cannot articulate their plans for kernel security or eBPF migration, warns cybersecurity expert Mike Reamer. He emphasizes that these are critical, ongoing initiatives that vendors must be actively pursuing today, not deferring to future development cycles. The extended Berkeley Packet Filter (eBPF), for instance, represents a significant design shift in Linux operating systems aimed at creating more secure "sandboxes" to isolate and protect system processes from attacks.

While advanced measures like kernel security and eBPF significantly enhance a system's resistance to attacks, Reamer cautions that no single solution acts as a "silver bullet," noting that even eBPF has seen vulnerabilities. Therefore, robust monitoring systems remain indispensable. A vendor lacking clear initiatives in these areas essentially offers inadequate protection, akin to a security guard unable to defend. Organizations must demand that their security partners demonstrate a tangible commitment to modern, deep-level defenses to truly safeguard their networks.

"If you have a vendor you're working with and they're not even having an initiative or they're not doing anything moving towards kernel security, then you need to ask yourself, do I really trust that vendor?"

▶ Watch this segment — 31:44


AI-Driven Threats Render Traditional Perimeter Security Obsolete

Traditional perimeter-based security measures are no longer sufficient to combat AI-driven cyber threats because adversaries are increasingly embedding malicious payloads within legitimate data streams, explains cybersecurity expert Mike Reamer. Conventional firewalls and intrusion detection/prevention systems primarily examine ports, protocols, and known signatures, making them ineffective against malware disguised as good traffic. Threat actors can now send fragmented or decompiled malicious code across multiple communication threads, reassembling it once it bypasses initial defenses and enters the network.

This sophisticated obfuscation necessitates a fundamental shift towards advanced monitoring systems that can discern abnormal user behavior rather than just blocking suspicious traffic at the perimeter. Identifying these subtle deviations requires the rapid analysis of immense datasets, a task for which artificial intelligence is uniquely suited. By leveraging AI to process information in milliseconds, organizations can detect unusual activities that signal a hidden threat, moving beyond outdated signature-based defenses to a more dynamic, behavior-centric security posture.

"Traditional perimeter-based security only looks at port and protocol... they're hiding their payload directly inside of good traffic data."

▶ Watch this segment — 7:13


Summarised from Helen Yu · 34:19. All credit belongs to the original creators. Streamed.News summarises publicly available video content.

This publication is generated automatically from YouTube.