Press

Letting Businesses ‘Hack Back’ Against Hackers Is a Terrible Idea, Cyber Veterans Say

“So many things could go wrong, and very little can actually go right,” said Anup Ghosh, a former program manager at the Defense Advanced Research Projects Agency, or Darpa, part of the Defense Department.

Mr. Ghosh, now the chief executive of cybersecurity firm Fidelis Cybersecurity Inc., said that for a company, even deciding whom to counterattack is fraught with risks, given the difficulties of attributing attacks to individuals, gangs or nation-states. Introducing the private sector into the cyberwarfare arena also has national-security implications, he said, such as disrupting intelligence operations that companies might not know about.

‘A uniquely bad idea’? Senators propose hack back study, but most experts’ minds are made up

The more aggressive hacking victims are allowed to be, the higher the risk for collateral damage.

“I could certainly see hack back (or at least the threat of hack back) being a deterrent, and it would bring additional resources and expertise into the fight. I could also see this quickly spiraling out of control and causing collateral damage and further cyber escalation if it is not well regulated and coordinated,” said Chris Kubic, current CISO of Fidelis Cybersecurity and former CISO of the NSA.

Why it’s so difficult to bring ransomware attackers to justice

The private companies that are most often victims of these ransomware attacks can be blindsided about “who actually attacked them” because of the sophisticated nature of the attackers, according to Anup Ghosh, CEO of Fidelis Cybersecurity and a former researcher at the Department of Defense.
“Unlike a physical attack where you can do identification, in cyberspace it’s very difficult to do attribution with certainty,” he said.

Fidelis Cybersecurity Appoints Industry Veteran as Chief Marketing Officer

Fidelis Cybersecurity, the industry innovator in active extended detection and response (XDR) solutions trusted by Fortune 100 firms and governments worldwide, announced today the appointment of Stephanie Broyles to Chief Marketing Officer (CMO).

Avoiding ‘Alert Fatigue’

The key to reducing “alert fatigue” is to make sure alerts are repeatedly validated before they’re distributed, says Chris Kubic, CISO at Fidelis Cybersecurity, who formerly served as CISO at the U.S. National Security Agency.

Fidelis Cybersecurity Buys Cloud Security Company CloudPassage

Fidelis Cybersecurity, an extended detection and response (XDR) platform provider backed by private equity firm Skyview Capital, has acquired cloud security and compliance company CloudPassage.

The CloudPassage acquisition enhances Fidelis’s Elevate XDR platform, the companies said. It allows Fidelis to consolidate endpoint, network and cloud security capabilities into Elevate to help security operations center (SOC) analysts accelerate threat detection and response.