This article was first published on SBC Americas on May 8, 2023
Cyber security is of the utmost importance for any company operating within the digital space. For the igaming industry, this is where DruvStar and its Threat Insights technology comes in.
Speaking to SBC Americas, DruvStar CEO Manjit Gombra Singh discusses the need for real-time threat detection and incidence response in the igaming industry and the role that AI can play in maintaining cyber security standards.
SBC: Firstly, can you begin by walking us through DruvStar Threat Insights? What would be your elevator pitch?
MGS: DruvStar Threat Insights™ is an AI based advanced technology solution, which provides Managed Detection and Response (MDR) SaaS, for real-time threat detection and incidence response in gaming, hospitality, and healthcare organizations.
The Threat Insights solution is designed to help companies identify and respond to cyber threats quickly and effectively. Our team of security experts utilizes external threat intelligence and continuous monitoring of networks, endpoints, users, on-premises, and cloud environments for signs of malicious activity and prepares our clients to improve their cyber-security posture in an informed way.
SBC: How is Threat insights drawing upon AI to introduce an additional layer of input to the threat hunting process?
MGS: DruvStar Threat Insights™ uses Artificial Intelligence (AI) and Machine Learning (ML) algorithms to analyze vast amounts of data from various sources, such as network traffic, logs, and endpoints. It has the capability plug-in for over 500 different types of sources to model user and entity behavior. DruvStar Threat Insights™ uses industry threat intelligence and learns from the collected data to recognize patterns and identify anomalies that could indicate a potential security threat.
This approach enables real-time threat detection to prevent issues and respond quickly to mitigate security risks. It allows our clients to lower the topmost risk in the industry, cyber-risk.
SBC: DruvStar recently agreed to supply Threat Insights to Nisqually Red Wind Casino in Washington. How did this partnership come about?
MGS: Nisqually Red Wind Casino is the greater Olympia area’s go-to spot for gaming, dining and entertainment. Boasting an expansive 46,000 square foot gaming floor, the casino offers more than 1,670 slot machines, Keno, and a plethora of table games.
While Red Wind Casino had done a good job successfully managing their property, realizing the risk around Infrastructure, senior management is modernizing their Infrastructure which Includes strengthening cyber-defense. The introduction of Sports Wagering further expanded cyber-risk and warranted stepping up their investment and increasing protection of Red Wind Casino’s attack surface.
Red Wind Casino chose DruvStar as their cybersecurity provider knowing that they needed a partner with deep gaming experience, one that knew the industry inside-out with their game, systems, and networking knowledge. They wanted to achieve the following outcome:
- Perform a comprehensive evaluation of their current infrastructure identifying, prioritizing, and remediating security vulnerabilities.
- Implement a 24 x 7 Managed Detection and Response solution to provide next level of security with proactive action.
“When we evaluated our MDR protection, we knew we needed a partner with deep gaming experience, and DruvStar and their Threat Insights service met all the requirements and more. I’ve had nothing but a wonderful experience partnering with such an outstanding team.” – Roy Reich, Chief Information Officer, Nisqually Red Wind Casino.
SBC: What are some of the key security threats and challenges that companies such as Nisqually Red Wind Casino might face on a day-to-day basis?
MGS: Companies such as Nisqually Red Wind Casino face a wide range of security threats daily. These can include phishing attacks, ransomware, malware, insider threats, and social engineering attacks. The following factors Increase cyber-risk of such enterprises:
- Rapidly evolving Threat Landscape: The cybersecurity threat landscape is constantly evolving, with new threats, vulnerabilities, and attack techniques emerging on a regular basis. Keeping up with the ever-changing threat landscape as Red Wind expanded their network, adding Sports Wagering, was challenging to ensure they were effectively defending against new and sophisticated threats.
- Lack of In-house Expertise: Building and maintaining a skilled and knowledgeable cybersecurity team in-house can be challenging for some customers. Finding and retaining qualified cybersecurity professionals continues to be a challenge, particularly for organizations operating in regions with a shortage of cybersecurity talent.
- Limited Budget: Elevating the priority of investments in cybersecurity requires executive management leadership. Limited budget allocations for security initiatives and cybersecurity solutions restrict the ability to safely protect casinos’ attack surface.
- Compliance: Gaming industry is highly regulated, and casinos must comply with a wide range of regulations to ensure the security and integrity of their operations. One such example of a new compliance requirement is Nevada Regulation 5, which was enacted in January 2023. This regulation requires gaming operators in Nevada to implement certain cybersecurity measures. These companies must take steps to protect their information systems from cyber threats, comply with relevant state laws, and conduct risk assessments using best practices to reduce the risk of cyber attacks. Additionally, they must continuously monitor their cybersecurity risks and report significant attacks to the Nevada Gaming Control Board within 72 hours. Companies must also maintain written records of their compliance with the regulation for at least five years. The goal of such regulations is to ensure that companies prioritize the protection of their customers’ sensitive information against cyber threats.
To address these challenges, DruvStar Threat Insights™ solution provides a range of advanced security capabilities, including continuous monitoring and threat detection, incident response planning, threat intelligence, proactive threat hunting, and regular security assessments.
These capabilities help to ensure that casinos like Nisqually Red Wind can maintain compliance with respective regulations, while at the same time protecting against a wide range of cyber threats.
SBC: And how do you keep on top of any potential breaches?
MGS: Three DruvStar unique engines are used to keep on top of any potential breaches:
1) DruvStar Threat Insights™ learns of user and system behavior on a continuous basis and automatically formulates a model based on machine learning. We use Artificial Intelligence to rapidly detect Issues of concern.
2) Industry specific Threat Intelligence learns of the latest approaches used by bad actors to attack organizations and informs our threat analysis
3) Certified Security Operations Center monitors threats on a 24/7 basis and responds to security Incidents. We are the only company that provides advanced threat hunting which is specific to the gaming industry.
Our cloud-based platform and Vegas based certified security operations center scale across multiple clients, deepening our expertise and lowering the cost of cyber-defense for our clients.
In 2022, our security assessments and proactive threat hunting discovered over 14,000 security issues, which our clients have been able to address to prevent security incidents and respond to daily security attacks.
SBC: What can we expect from DruvStar in 2023?
MGS: We founded DruvStar with a clear mission, which is: Defend our clients from dangerous cyber-attacks. We are continuing to innovate and enhance our cybersecurity offerings, with additional software algorithms, to optimally find issues that matter in the gaming and hospitality industry. We will continue to use AI and ML to provide effective, affordable cyber-defense solutions.
Earlier this year, we launched DruvStar DataVision, which deepens our technology stack to identify anomalous behavior and helps provide data safety. We’re continuing to broaden DataVision every quarter.
We also plan to continue expanding our cyber-defense and data safety services to new markets in North America to help more organizations improve their cybersecurity posture.
Our aim is to be a trusted cyber-security provider. With 100 years of gaming expertise, proof-points across several reputed clients across North America, we continue to demonstrate our superior capabilities in the gaming and hospitality industry. With advanced B2B technology, we are aiming for the top-spot for cyber-defense in the gaming Industry.