Webinar | Team Burned Out on Phishing Analysis? Here's How to Help.
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
July 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
Ok I’ll admit it, I feel pretty sorry for Boris Johnson. That doesn’t appear to be a particularly common consensus based on what I’m reading on social media, but from the cards he’s been dealt for his first year in the big seat, he’s had a particularly rough start. There’s been the ongoing COVID-19 pandemic, protests over civil rights concerns, and the little issue of drafting a deal for the UK’s exit from the European Union. Talk about throwing yourself into the deep end?
At first glance, the Brexit deal seems like a good one. Britain is keeping close ties with Europe, allowing tariff free-trade and quota-free access to the single market, while operating a level playing field on social, environmental, and labor standards. Britain will also be free from the jurisdiction of the European Court of Justice (ECJ), with monetary contributions to the EU also set to end.
There is one area of the deal that hasn’t been universally praised, however, regarding the future of Britain’s security. There will be some real adjustment challenges, starting with Britain forfeiting its membership of Europol, Eurojust, the European arrest warrant, and sensitive data sharing agreements like the Schengen Information System (SIS2). There will need to be a sense of proactivity and good faith on both sides, particularly in the first six months after this new arrangement begins. Let’s go into a little more detail on how the deal may affect the UK’s security going forward.
Whatever way you slice it, the UK will have a reduced capacity to receive real-time data, and influence over the organizations it previously sat on, including Europol and Eurojust (European Union Agency for Criminal Justice Cooperation).
The Home Office has said the post-Brexit agreement will include greater control over certain information and processes, such as streamlined extradition arrangements, fast and effective national DNA exchange, fingerprint and vehicle registration data, and continued transfers of Passenger Name Record data. Yet both the National Crime Agency (NCA) and National Police Chiefs Council (NPCC) have previously expressed concern over security post Brexit. The NCA is likely to have to reorganize hundreds of operations that typically would be conducted in partnership with Europol.
Previously the UK could send a “European Investigation Order” to countries within the EU, a legally-binding request to gather evidence by a specific deadline. On January 1st, this power was lost. The UK must now submit a “Letter Rogatory”, an internationally-recognized diplomatic request for assistance. These have typically been slower, and nations have been known to take too long to respond. As with any investigatory process, timeliness is one of the critical components; if critical information is received too late to act on, it is ultimately worthless.
This is a critical blow to the security landscape, as Europol-coordinated efforts have resulted in remarkable successes for the arrest of cybercriminals in recent years. In our blog Recent arrest and high-profile convictions, we analyzed the impact of the “DisrupTor” operation on the cyber threat landscape. This joint operation was conducted by the US Department of Justice in cooperation with Europol, which resulted in the arrest of 179 individuals’, and the seizures of USD 6.5 million and 500 kilograms of illicit substances.
The successful operation was summarised by Europol’s European Cybercrime Center (EC3), who stated “the hidden internet is no longer hidden, and your anonymous activity is not anonymous,” and that “the golden age of the dark web marketplace is over.” The DisrupTor operation highlighted the importance of cooperating with Europol to conduct critical security operations.
Giving up the possibility to orchestrate and influence this kind of operation undoubtedly constitutes a significant setback for the UK. However, DisrupTor demonstrates that it will still be possible to establish fruitful partnerships between Europol and third parties to conduct critical operations. The UK could seek an arrangement with Europol in the same way the U.S does (i.e. an associative relationship), in which Britain can borrow Europol’s investigatory powers but not ultimately influence the organization. I’d like to hope the UK government looks at that as an option.
The BBC have also confirmed that the UK has reached an agreement on extradition and will be able to sit in on meetings of Europol , which also is reportedly “on a par with the best other [third party] countries have achieved”. There is also the possibility for new relationships to be conducted with partnerships outside of the EU in due course.
I think the point to take away from this is like with any new arrangement, there will be many headaches for those who are used to the old arrangement, but this is just something that’ll need to be factored in when conducting new investigations. Those requests will need to be made in as good a time as possible, with appreciation given for, ironically, an additional level of bureaucracy. Europol themselves have commented on the need for transparency and effective intelligence sharing to combat cyber threats, so in an ideal world close cooperation will continue.
The loss of SIS2 will be particularly difficult. The database is used for border management by front-line police officers, including information on missing peoples, cars, or other items of interest. This database was reportedly used half a billion times in 2020, with the database used to inform police officers of intelligence surrounding persons of interest (including criminals and terrorists), vehicles, and prohibited items.
However, the UK will continue to receive data from the Prum Convention System, which includes exchanges of DNA, vehicle registration data, and fingerprinting information. For some international criminal gangs, the new relationship between the UK and EU may actually restrict their activities. Greater scrutiny of personal papers, passports, and driving documents (which are often fraudulent or stolen) can be expected at UK border controls. Due to these new processes, evidence of fake and forged passports, driving licences, international driving permits, insurance certificates, and green cards has been already discovered.
From a regulatory perspective, many of the initiatives that the UK opted into as part of the EU, will continue to apply after the transition period including:
From a cyber threat perspective, activity from state-sponsored actors and cybercriminal actors is becoming increasingly brazen, and in many cases, highly destructive. The WannaCry incident of 2017 highlighted how quickly an impactful cyber attack can spread, perhaps beyond the scope originally intended by the threat actors responsible. EU countries have more connected digital networks than ever before, but for many years cyber security issues were handled at a national level. That created a pretty obvious weak link, which cybercriminals were only too pleased to exploit.
In the past year, ransomware activity has skyrocketed in both volume and success. Threat actors managed to accumulate enormous profits in 2020, ensuring activity will continue to escalate in the following year. December 2020 also saw arguably the biggest cyber event of the year, with the Solarwinds supply chain compromise resulting in a potential compromise to the networks of over 18,000 Solarwinds corporate clients. This operation has since been attributed to a probable Russian state-sponsored group, and highlighted the potential risk from global supply chains.
Countering professional criminal gangs and terrorism will always entail huge challenges. While UK police and intelligence services are second to none, their access to shared datasets containing critical real-time information has been severely restricted. I have no doubt that the future relationship will change over time; however, in the short term, law enforcements and intelligence bodies will likely find conducting investigations that much harder. It is essential that cross working and cooperation continues from both sides of the channel in 2021 and beyond. Despite the four years of posturing from both sides, our citizens’ safety, our data, our financial wellbeing, will always be one of the most important priorities for any government.