Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

By Byron V. Acohido

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment.

Related: The advance of LLMs

For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

I first tapped Gunter Ollmann’s insights about botnets and evolving malware some 20 years when he was a VP Research at Damballa and I was covering Microsoft for USA TODAY. Today, Ollmann is the CTO of IOActive, a Seattle-based cybersecurity firm specializing in full-stack vulnerability assessments, penetration testing and security consulting. We recently reconnected. Here’s what we discussed, edited for clarity and length?

LW: In what ways are rules-driven cybersecurity solutions being supplanted by context-based solutions?

Ollmann: I wouldn’t describe rules-based solutions as being supplanted by context-based systems. It’s the dimensionality of the rules and the number of parameters consumed by the rules that have expanded to such an extent that a broad enough contextual understanding is achieved. Perhaps the biggest change lies in the way the rules are generated and maintained, where once a pool of highly skilled and experienced cybersecurity analysts iterated and codified actions as lovingly-maintained rules, today big data systems power machine learning systems to train complex classifiers and models. These complex models now adapt to the environments they’re deployed in without requiring a pool of analyst talent to tweak and tune. (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

RSAC Fireside Chat: Here’s what it will take to achieve Digital Trust in our hyper-connected future

By Byron V. Acohido

Confidence in the privacy and security of hyper-connected digital services is an obvious must have.

Related: NIST’s  quantum-resistant crypto

Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive. For a full drill down, please give the accompanying podcast a listen.

We spoke about how the Public Key Infrastructure (PKI) has come under pressure. PKI and digital certificates provide the essential framework for authenticating identities, encrypting communications and ensuring data integrity.

However, with the shift to remote work and the proliferation of Internet of Things systems, the complexity of maintaining a fundamental level of trust in digital services has risen exponentially.

And that curve will only steepen as GenAI/LLM services ramp up and quantum computers get mainstreamed, Sinha observed. (more…)

RSAC Fireside Chat: VISO TRUST replaces questionaires with AI analysis to advance ‘TPRM’

By Byron V. Acohido

Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple.

Related: Europe requires corporate sustainability

In a hyper-connected, widely-distributed operating environment the challenge has become daunting.

At RSAC 2024, I visited with Paul Valente, co-founder and CEO of VISO TRUST. We had a wide-ranging discussion about the limitations of traditional third-party risk management (TPRM), which uses extensive questionnaires—and the honor system – to judge the security posture of third-party suppliers. For a full drill down, please give the accompanying podcast a listen.

VISO TRUST launched in 2020 to introduce a patented approach, called Artifact Intelligence, to automate the assessment of third-party risks. This method employs natural language processing (NLP) and various machine learning models, including large language model (LLM) to automate the assessment of third-party risks, Valente told me.

The benefits of advanced TPRM technologies extend beyond implementing these audits much more efficiently and effectively at scale. Valente cited how a customer, Illumio, is  leveraging Artifact Intelligence to conduct vendor assessments very early in the procurement process, significantly enhancing decision-making and avoiding high-risk relationships. (more…)

RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration

By Byron V. Acohido

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools.

Related: Cyber help for hire

Why not seek help from a specialist? At RSAC 2024, I visited with Geoff Haydon, CEO, and Alex Berger, Head of Product Marketing, at Ontinue, a new player in the nascent Managed Extended Detection and Response (MXDR) space.

MXDR extends from the long-established Managed Security Service Providers (MSSP) space. MSSPs came along 20 years ago to assist with on-premises tools like firewalls, intrusion detection and antivirus tools.

Managed Detection and Response (MDR) arose to focus on advanced threat detection and remediation. And next came MXDR solutions, which offer wider, more integrated coverage while emphasizing automation and collaboration.

Haydon and Berger, for instance, explained how Ontinue leverages machine learning to automate detection and low-level incident management. For a full drill down please give the accompanying podcast a listen. (more…)

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

By Byron V. Acohido

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI?

Related: Next-level browser security

That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna, co-founder and CTO of Jscrambler, at RSAC 2024.

Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies. For instance, it helps online tax services prevent leakage of taxpayers’ personal information via pixels, those imperceptible JavaScripts embedded in a web page to collect information about the user’s interactions.

It turns out, Fortuna observed, that GenAI/LLM is perfectly suited to the deeper mining of personal data collected by pixels as well as other JavaScript mechanisms currently in wide use.

This brought to mind 2010, the year I wrote news stories for USA TODAY about Mark Zuckerberg declaring privacy was “no longer a social norm” and Google CEO Eric Schmidt admitting that Google’s privacy policy was to “get right up to the creepy line and not cross it.” (more…)

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

By Byron V. Acohido

Identity and Access Management (IAM) is at a crossroads.

Related: Can IAM be a growth engine?

A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is  influencing IAM technologies to meet evolving identity threats.

IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

By the 1990s, single sign-on (SSO) solutions had caught, and with the explosion of web apps that followed came more sophisticated IAM solutions. Federated identity management emerged, allowing users to use the same identity across different domains and organizations, and standards like SAML (Security Assertion Markup Language) were developed to support this.

The emergence of cloud computing further pushed the need for robust IAM systems. Identity as a Service (IDaaS) began to gain traction, offering IAM capabilities through cloud providers. (more…)

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

By Byron V. Acohido

Digital rights management (DRM) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies.

By the mid-2000s a branch called enterprise digital rights management (EDRM) cropped up to similarly protect sensitive business information. Today, businesses amass vast  amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

At RSAC 2024 I sat down with Isaac Roybal, chief marketing officer at Seclore, to discuss how the challenge of securing business data has moved beyond even where the EDRM space has been evolving. For a drill down, please give the accompanying podcast a listen.

Seclore takes a data-centric approach to securing data by aligning granular controls with the sensitive data itself. This allows for security teams to dynamically manage permissions, rescind access, alter editing capabilities,  and even perform real-time compliance checks, he noted. (more…)

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

By Byron V. Acohido

Business data today gets scattered far and wide across distributed infrastructure.

Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations.

At RSAC 2024, I visited with Pranava Adduri, co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

The start-up leverages serverless architectures to discover patterns in large datasets and then maps out data boundaries without having to examine every single data point.

This “commoditization” of data discovery, as Adduri puts it, slashes the cost of data discovery at scale. For instance, Amazon’s AWS Macie service charges around $1,000 per terabyte for data discovery, or $1 million per petabyte, Adduri told me. (more…)

RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation

By Byron V. Acohido

When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service.

Related: The big lesson from Log4J

“It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

That ordeal proved to be a catalyst for McQuade, a renowned ethical hacker and creator of popular open-source security tools, to launch NightVision and succeed where static application security testing (SAST) and dynamic application security testing (DAST) have failed.

The focus is on providing a software testing solution that does not impede innovation, provides clear guidance to developers and identifies software vulnerabilities long before public release. Last week, NightVision announced the commercial availability of its first application security testing solution. (more…)

GUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model development

By Harish Mandadi

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically.

Related: The key to the GenAI revolution

By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future.

Developing a secured AI system is essential because artificial intelligence is a transformative technology, expanding its capabilities and societal influence. Initiatives focused on trustworthy AI understand the profound impacts this technology can have on individuals and society. They are committed to steering its development and application towards responsible and positive outcomes.

Security considerations

Securing artificial intelligence (AI) models is essential due to their increasing prevalence and criticality across various industries. They are used in healthcare, finance, transportation, and education, significantly impacting society. Consequently, ensuring the security of these models has become a top priority to prevent potential risks and threats.

•Data security. Securing training data is crucial for protecting AI models. Encrypting data during transmissionwill prevent unauthorized access. Storing training data in encrypted containers or secure databases adds a further layer of security. (more…)

RSAC Fireside Chat: Start-up Anetac rolls out a solution to rising ‘service accounts’ exposures

By Byron V. Acohido

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users.

Related: How weak service accounts factored into SolarWinds hack

By comparison, almost nothing has been done to strengthen service accounts – the user IDs and passwords set up to authenticate all the backend, machine-to-machine connections of our digital world.

Service accounts have multiplied exponentially in recent years and become a prime target of threat actors, since little has been done to beef up protection.

A just-out-of-stealth start-up, Anetac, has secured $16 million in funding to address this gaping blind spot. At RSAC 2024, I sat down with Baber Amin, Head of Product at Anetac, Diana Nicholas, co-founder of Anetac, to learn more.

Identity vulnerability is a dynamic problem, and Anetac’s platform dynamically provides real-time streaming visibility and monitoring of human and non-human accounts, service accounts, APIs, tokens and access keys. This approach contrasts with static scanning tools that have come along from the big name IAM solution providers, like Okta and CyberArk, Amin and Nicholas told me. (more…)

RSAC Fireside Chat: Rich threat intel, specialized graph database fuel HYAS’ Protective DNS

By Byron V. Acohido

The capacity to withstand network breaches, and minimize damage, is a key characteristic of digital resiliency.

Related: Selecting a Protective DNS

One smart way to do this is by keeping an eagle eye out for rogue command and control (C2) server communications. Inevitably, compromised devices will try to connect with a C2 server for instructions. And this beaconing must intersect with the Domain Name System (DNS.)

At RSAC 2024, I had an evocative discussion with David Ratner, CEO of HYAS, about advances being made in DNS security. For a full drill down, please give the accompanying podcast a listen.

HYAS gathers rich intelligence from multiple sources and then feeds it into a specialized graph database focused on a variety of infrastructure data including DNS traffic. This allow HYAS to isolate — and even predict — the formation of malicious infrastructure – before the attackers can fully weaponize the breached system.

“Our goal is to understand what’s going to be used as a command-and-control server in the future so that you can be blocking it now,” he told me. (more…)

RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

By Byron V. Acohido

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure.

For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

For historical context, the U.S. military scattered radio-signals and added noise to radio transmissions — to prevent the jamming of torpedo controls. Decades later, the telecom industry figured out how to spread WiFi, GPS, BlueTooth and 5G signals over a wide bandwidth and then also added pseudo-random codes — to prevent tampering.

Dispersive launched in 2021 to adapt these same concepts to protecting sensitive network transmissions in a highly dynamic environment. Here what Plimplaskar told me: (more…)

News analysis Q&A: Shake up of the SIEM, UEBA markets continues as LogRhythm-Exabeam merge

By Byron V. Acohido

It’s easy to compile a checklist on why the announced merger of LogRhythm and Exabeam could potentially make strategic sense.

Related: Cisco pays $28 billion for Splunk

LogRhythm’s is a long established SIEM provider and Exabeam has been making hay since its 2013 launch advancing its UEBA capabilities. Combining these strengths falls in line with the drive to make cloud-centric, hyper-interconnected company networks more resilient.

Forrester Principal Analyst Allie Mellen observes: “The combined organization is likely to push hard in the midmarket, where LogRhythm’s existing suite has had success and the Exabeam user experience makes it a more natural fit.”

Despite the promising synergies, Mellen cautioned that the merger alone would not resolve all challenges. “Both of these companies have faced challenges in recent years that are not solved by a merger,” she adds. “These include difficulty keeping pace with market innovation and with the transition to the cloud.” she said.

Last Watchdog engaged Mellon in a drill down on other ramifications. Here’s that exchange, edited for clarity and length.

LW: How difficult is it going to be for LogRhythm and Exabeam to align their differing market focuses; what potential conflicts are they going to have to resolve? (more…)

News alert: AI SPERA integrates its ‘Criminal IP’ threat intelligence tool into AWS Marketplace

Torrance,Calif., May 22, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace.

This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

After meeting specific technical and security standards set by AWS, the SaaS-based Criminal IP search engine ensures reliability and seamless integration with AWS services. The AWS Marketplace, a significant platform primarily used in the US, provides Criminal IP with access to a vast global customer base, enhancing its visibility and credibility. This listing demonstrates the critical role of AWS Marketplace in the software’s adoption and success.

<Criminal IP, a comprehensive threat intelligence tool, is now available on the AWS Marketplace>

Criminal IP excels in threat detection, empowering cybersecurity with unparalleled intelligence.

Criminal IP is the industry’s leading IP address intelligence tool, leveraging AI and machine learning to provide unparalleled visibility into the risks associated with internet-connected devices. It offers comprehensive solutions for fraud detection, (more…)

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deepfakes

By Byron V. Acohido

There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders.

Related: Is your company moving too slow or too fast on GenAI?

One promising example of the latter comes from messaging security vendor IRONSCALES.

I had the chance to sit down with Eyal Benishti, IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce anti-phishing mitigation services.

Benishti explained how GAN can very effectively mitigate Deepfaked messages, images, audio and video using a specially-tuned LLM to stay a step ahead of threat actors, even those who themselves are utilizing GenAI/LLM tools to enhance their Deepfakes. (more…)

RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time

By Byron V. Acohido

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance.

Related: Browser attacks mount

Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Naturally, the flip side of cool, new browser capabilities is a yet another  expansion of the network attack surface. And this, in turn, has resulted in a surge of innovation in web browser security.

At RSAC 2024, I visited with  Vivek Ramachandran, founder of SquareX, a brand new start-up that’s in the thick of these developments. Google and Microsoft, he told me, are myopically focused on dealing with fresh coding vulnerabilities spinning out of Chrome and Edge and doing very little to stem live attacks. (more…)

RSAC Fireside Chat: Flexxon advances hardware-level security with its ‘Server Defender’ module

By Byron V. Acohido

Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment.

Related: World’s largest bank hit by ransomware attack

While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an expanding network attack surface, hardware security solutions can serve as a last line of defense against unauthorized access to sensitive data and tampering with systems.

I sat down with Flexxon co-founder and CEO Camellia Chan to learn more about the soft launch of Flexxon’s X-PHY® Server Defender module. This follows the success of their X-PHY® SSD endpoint security solution.

This security-tuned SSD provides real-time protection against malware, viruses, and physical tampering. (more…)

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

KINGSTON, Wash.  — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values.

Related: The power of everyman conversing with AI


That’s a tall order. My big takeaway from RSAC 2024 is this: the advanced technology and best practices know-how needed to accomplish the high ideals Secretary Blinken laid out are readily at hand.

I was among some 40,000 conference attendees who trekked to San Francisco’s Moscone Center to get a close look at a dazzling array of cybersecurity solutions representing the latest iterations of the hundreds of billions of dollars companies expended on cybersecurity technology over the past 20 years.

And now, over the next five years,  hundreds of billions more  will be poured into shedding the last vestiges of on-premises, reactive defenses and completing the journey to edge-focused, tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

This paradigm shift is both daunting and essential; it must fully play out in order to adequately protect data and systems (more…)

RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities

By Byron V. Acohido

SAN FRANCISCO — It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users.

Related: LLM risk mitigation strategies

Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users.

LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb. It gives any literate human the ability to extract value from data.

Companies in all sectors are in a mad scramble to reap its benefits, even as cyber criminals feast on a new tier of exposures. As RSAC 2024 gets under way next week in San Francisco, the encouraging news is that the cybersecurity industry is racing to protect business networks, as well.

Case in point, the open-source community has coalesced to produce the OWASP Top Ten for Large Language Model Applications. Amazingly, just a little over a year ago this was a mere notion dreamt up by Exabeam CPO Steve Wilson. (more…)

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

By Byron V. Acohido

SAN FRANCISCO — At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice.

Related: Why proxies aren’t enough

Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser.

IE’s reign proved to be fleeting. Today Google’s Chrome browser —  based on the open-source code  Chromium — reigns supreme.

I bring all this up, because in 2019 Microsoft ditched its clunky browser source code and launched its Edge browser, based on open-source Chromium. (more…)

MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

By Byron V. Acohido

SAN FRANCISCO — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.

Related: GenAi empowers business

I had the chance to attend NTT Research’s Upgrade Reality 2024 conference here  last week to get a glimpse at some of what’s coming next.

My big takeaway: GenAI is hyper-accelerating advancements in upcoming digital systems – and current ones too. This is about to become very apparent as the software tools and services we’re familiar with become GenAI-enabled in the weeks and months ahead.

And by the same token, GenAI, or more specifically Large Language Model (LLM,) has added a turbo boost to the pet projects that R&D teams across the technology and telecom sectors have in the works.

The ramifications are staggering. The ability for any human to extract value from a large cache of data – using conversational language opens up a whole new universe of possibilities. (more…)

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

By Byron V. Acohido

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

The report, titled “Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business,” argues for a paradigm shift. It’s logical that robust cybersecurity and privacy practices need become intrinsic in order to tap the full potential of massively interconnected, highly interoperable digital systems.

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies.

Last Watchdog engaged Forrester analyst Heidi Shey, the report’s lead author, in a discussion about how this could play out well, and contribute to an overall greater good. Here’s that exchange, edited for clarity and length. (more…)

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization. (more…)

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

By Byron V. Acohido

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” (more…)

STEPS FORWARD: How decentralizing IoT could help save the planet — by driving decarbonization

By Byron V. Acohido

The Internet of Things (IoT) is on the threshold of ascending to become the Internet of Everything (IoE.)

Related:Why tech standards matter

IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf.

This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge. Yet IoE, at this nascent stage, holds much promise to tilt us towards a utopia where technology helps to resolve our planet’s most intractable problems.

This was the theme of Infineon Technologies’ OktoberTech 2023 conference, which I had the privilege of attending at the Computer History Museum in the heart of Silicon Valley. I had the chance to visit with Thomas Rosteck, Infineon’s Division President of Connected Secure Systems (CSS.)

Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. What I found most commendable (more…)

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

By Erin Kapcynski

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.)

For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Acohido to share his ideas about the current cyber threat landscape, the biggest threats for businesses today, the role of AI and machine learning in cyberattacks and cyberdefence, and the most effective methods for companies to protect themselves.

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for (more…)

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

By Byron V. Acohido

Something simply must be done to slow, and ultimately reverse, attack surface expansion.

Related: What Cisco’s buyout of Splunk really signals

We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

And yet it remains all too easy for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access.

I heard a cogent assessment of the shift that must take at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an (more…)

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Preserving privacy for a greater good

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services. (more…)

News Alert: Criminal IP unveils innovative fraud detection data products on Snowflake Marketplace

Torrance, Calif., June 10, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘Criminal IP‘ on the Snowflake Marketplace.

Criminal IP is committed to offering advanced cybersecurity solutions through Snowflake, the leading cloud-based data warehousing platform.

Criminal IP’s Intelligence for Fraud Detection and Privacy Protection is meticulously crafted to address the growing concerns surrounding fraudulent activities and privacy breaches. By aggregating data on known malicious and masked IP addresses, including those with historical abuse records such as IDS, malware, phishing, ransomware, and blocked IPs, this dataset equips organizations with actionable insights to identify and mitigate fraudulent activities in real time.

Additionally, the product boasts advanced capabilities to detect servers infected by botnet and C2 software, as well as IP addresses leveraging masking services like VPNs, proxies, and hosting. This product is (more…)