Today we face an interesting discussion on cyber security training and on the IAI platform TAME Range with Esti Peshin.
We have the honor of speaking with a very important Cyber Security professional, we are here with Esti Peshin Vice President, General Manager of Cyber Division IAI (Israel Aerospace Industries).
Esti Peshin recently spoke at Cyber Week 2021 in Tel Aviv and is a leading expert in cyber and technologies in this field.
1) The world of cyber security has changed a lot in recent years and is undergoing ever faster changes. What role does creativity play in facing a new threat every day?
We can divide the challenge of handling new threats into two. The first challenge is developing a solution that will provide actional insights or an automated operation to reduce the “alert fatigue syndrome” which affects most of today’s SOCs (Security Operations Centers). The second challenge is to recruit, train and maintain cyber professionals, and for that we need to develop and utilize advanced methodologies and technologies.
When discussing national level cyber security, we need to remember that national grade challenges require national grade solutions. These solutions have to incorporate several elements: state of the art technology; effective, field proven methodology; constant innovation, since the cyber domain is constantly evolving; collaboration and finally capacity buildup, addressing the human factor - training, certification and awareness.
Constant innovation is achieved mostly through creativity.
Furthermore and in view of the huge shortage of cyber experts, our end users seek to achieve capacity buildup via the establishment of Cyber Academies or training facilities to train cyber experts. IAI’s TAME Cyber Range, is a state-of-the-art platform for cyber training and simulation, which is globally utilized by academies and training facilities.
2) How has your professional career contributed to the profession you are pursuing today?
The most important takeaway from my professional career is that anything is possible. If there is a will, there is a way. The means will be identified and it is just a matter of creativity to find the right way to achieve any goal. This is, in my view, the essence of Israeli entrepreneurship, and one of the reasons the cyber eco-system is striving in Israel.
3) How significant is training in this area and how does the TAME Range solution contribute to this?
Like in many professional fields, training is a mandatory building block that allows organizations to cope with the ever-growing challenges fromthe cyber domain.
Training your cyber incident response (IR) teams enables:
• Better security;
• Reduced costs and reduced downtime;
• A more skilled, confident, knowledgeable, and resillient cyber team within the organization;
• Predicting and measuring how well your workforce is prepared for attacks or incidents;
• Improving the cyber security culture by strengthening interpersonal communications and teamwork amongst the team;
• Learning from experts and experience in real-world cyber response;
• Practicing the incident response playbooks to map gaps in the organization’s roles, responsibilities and processes.
TAME Cyber Range allows building knowledge and skills from the individual level to the team level.
4) Compared to other training platforms, what is the strength of TAME Range?
The world of cyber ranges is divided into two main categories:
a) The first is training a scenario that is "pre-recorded". In this category, the training can't be modified to change the attack scenario, the network, or the infrastructure.
b) The second, and TAME is part of this category, is an open architecture that allows modifying every aspect of the training, allows changing how we grade the team's performance, and mainly allows teams to create their training and content.
TAME Cyber Range is a flexible framework that allows building knowledge and skills from the individual level to the team level.
Another strength is our research and development team, who is constantly striving to create new attack scenarios, so the individuals and teams under training will gain up-to-date real-world experience.
5) How does predictivity weigh in the world of cyber security?And what role can artificial intelligence play in the near future?
The most important and sought technologies are those that help organizations to detect that something bad is happening, at a very early stage. Preferably, even allowing organizations to predict that something bad can happen or is about to happen, and to direct the organization on how to avoid it or mitigate it. The bottom line is the ability to predict serves as one of the most important building blocks in the world of cyber security today, and a key element in achieving cyber resillience. The main problem with most of the common cyber monitoring technologies available today is that they generate large number of alerts without prioritizing them. Therefore technologies that can generate actionable insights are the key to improving cyber resilience.
The main solutions sought by our end users are focused on proactively monitoring their networks and cyber space in order to perform the following operations:
a) Conducting an on going and real time, cyber risk assessment;
b) Identifying cyber attacks or predicting attacks based on indicative signals;
c) Providin effective tools for incident response and cyber forensics;
d) Allowing effective knowledge sharing between the national stakeholders and constituents.
6) In your experience, what are 3 features that a team of Cyber Security experts cannot miss?
The three features that cyber security experts cannot miss are, in my opinion:
1) Constant learning, training, improvment and knowledge sharing;
2) Persistent curiosity and skepticism on everything that is going on in the network;
3) Honesty and integrity.
7) How do you see the future of cyber security?
One of the main challenges, ina Covid influenced world, is to draw the line between the entities and government responsibility regarding prevention, detection and response to cyber incidents. On the one hand, each entity has the responsibility for their systems and customers. However, national cyber resilience consists of eco-system resilience, which means the resillience of each and every entity. The national resilience can be compromised if certain entities will be compromised.
The way to address this challenge is by adopting a national security model with the ability to monitor the entire national cyber eco-system, will be able to assist the entities on ways improving their security posture or security response activities, and will be able to intervene in case of unresolved crisis.
Some further challenges that our national level customers are facing in the post Covid world, and must be addressed in order to enable a safer and more cyber secure world are the following:
1) The skills deficit, essentially, there is a huge global shortage in cyber defenders.
2) The necessity of balancing cyber security and business continuity, especially in an era (post covid) where the digital transformation is accelerated. This essentially leads to a paradigm shift from cyber security to cyber resilience.
3) The necessity of pursuing a proactive approach, in order to identify subtle and low key attacks on one hand, and the ability to predict sophisticated attacks based on indicative signals on the other hand.
