Full Report
After 35 years in cybersecurity, Mark Kennedy reflects on risk, resilience, adaptive defenses, and ‘fighting bad guys’
Analysis Summary
# Main Topic
Reflection on 35 years in cybersecurity by Mark Kennedy, focusing on the evolution of defenses, the importance of resilience, and the continuous effort of 'fighting bad guys,' highlighted by the development of Adaptive Protection technology.
## Key Points
- Cybersecurity innovation is often spontaneous but requires planning to become sustainable.
- Resilience and protection are significantly defined by the community and the standards it sets through open knowledge sharing.
- The shift in cybersecurity focus recognized in the early 2000s was from file-based infections to machine-based infections.
- The development of **Adaptive Protection** was a key personal achievement, designed to counter Living-Off-The-Land (LOTL) and other advanced attacks.
- The future of defense involves moving beyond proactive signatures to an engine that synthesizes disparate event data for immediate, difficult-to-circumvent protection.
## Threat Actors
- No threat actors are explicitly named and no specific campaigns are attributed in this reflection; the general context is "bad guys" and evolving threats.
## TTPs
- **Living-Off-The-Land (LOTL) attacks:** Adaptive Protection was specifically designed as a unique defense against these techniques.
- General threat evolution: Transition from file-based infections to machine-based infections.
## Affected Systems
- The context focuses on the evolution of defensive mechanisms rather than on specific victims or affected systems.
- The technology discussed (Adaptive Protection) is designed to protect systems against advanced threats identified across the industry.
## Mitigations
- **Adaptive Protection:** A key engineering solution aimed at stopping LOTL attacks without disrupting end-user operations.
- **Proactive Signature Replacement:** The goal is to move towards a consolidated event engine that preemptively counters threats, reducing reliance on traditional signature writing.
- **Community Reliance:** Utilizing collective intelligence and open sharing of learned knowledge to stay ahead of evolving threats.
## Conclusion
Mark Kennedy's experience underscores that sustainable cybersecurity breakthroughs require collaboration and a focus on evolving defense paradigms: moving from reactive measures (like signatures) to proactive, insight-driven technologies like Adaptive Protection in order to counter modern attack vectors such as LOTL techniques. Continuous innovation driven by collective knowledge remains crucial.