Channel Women In Security: Attivo’s Carolyn Crandall On Stopping Credential Theft, Privilege Escalation And Other Threats

‘Partners today need to help their customers change their security defenses so that it’s not all around a perimeter, which already doesn’t necessarily exist today with remote workers and the move to cloud, to one that is more focused on lateral movement detection, privilege escalation and protecting their users’ credentials and their administrators’ credentials,’ Attivo Networks’ Carolyn Crandall tells CRNtv.

Carolyn Crandall, chief security advocate and chief marketing officer at Attivo Networks, a CRN 2020 Cloud Partner Program Guide honoree—the company’s third consecutive year to receive the honor— shares with the channel how identity protection has evolved and also spotlights opportunities for women in IT security.

This comes on the the heels of the drastic shift to remote work brought on by the pandemic, leaving users vulnerable to things like credential theft and Active Directory exploitation.

Here’s a look at some of CRNtv’s interview with Crandall:

So how is Attivo Networks helping its partners ensure security for both their business as well as their customers?

Excellent question and it has been a material shift, and what that has caused is people to evolve their thinking from a perimeter-based security defense to one that is more based upon identity, and those identities involve the credentials, the privileges and protection of those things or otherwise known as Enterprise Identity Protection.

Now what do you see happening with security breaches today?

There’s a lot. I mean what’s happened with SolarWinds, [Microsoft Exchange], the huge ransomware demands that have been out there and what has changed is there’s been an elevated level of attention that’s been given to the in network activities of attackers.

And how our partners today need to help their customers change their security defenses so that it’s not all around a perimeter, which already doesn’t necessarily exist today with remote workers and the move to cloud, to one that is more focused on lateral movement detection, privilege escalation and protecting their users’ credentials and their administrators’ credentials.

And how do you see identity protection evolving in today’s environments?

So it’s evolving a lot because a lot of the focus is on authentication and authorization, and what needs to change is to also look at directory services. So not only can you validate and use multi-factor authentication to verify that it’s the right user, but you need to be able to look and make sure that somebody hasn’t gone to the directory itself, change what’s in there, change the security privileges, changes the group policies so that they can therefore do bad things or empower themselves to steal things, or alter things inside the network and when that happens it can be quite devastating.

What advice do you have for partners?

Partners, you have a loyal customer base and the neat thing about selling in network threat detection is is you’re not going to the customer and saying, ‘Hey, the stuff I sold you last year needs to be replaced.’ Instead, this is s force multiplier add on. So if you’ve sold them endpoint protection platforms (EPP) or endpoint detection and response (EDR)-type solutions, now you can go in and say, ‘I have a complimentary solution that will detect that lateral movement off of the endpoint and I also have the ability to detect if there is going to be attacks on active directory, which is a key target.

And so again, a nice complimentary exchange, and there’s lots of data that shows how these new technologies can be a force multiplier and boost the protection of your customers. So it’s a nice way to open the door and bring in new technology that helps them solve difficult problems.

So with what we’re seeing in security today, what opportunities are available for women in cybersecurity?

So I think one of the first things that I would say is a lot of times when people think of cybersecurity they think about just the information security (infosec) individuals, but the reality is there are a lot of different jobs for women in security. They can be jobs in selling security, they can be in marketing security, they could be in solution architecture, or they can be an actual security administrator.

And so the one thing I would do is is not limit one’s thinking, if you like the technology and you think it’s kind of fun and it’s may be something a little bit more exciting that you could explain to your kids, right, you know that this is what security is and they get it versus sometimes with networking hardware, it’s kind of a one to explain—to a young one or an elder—and so, I would just have an open mind about all the different security opportunities that are out there because there’s a lot of jobs that need to get filled today. And I think the more women that are out there the more comfortable it will be for more women to join in, so I would encourage people to try it and you might just find you’ll fall in love with it.

Check out more of the interview at CRNtv.