Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

By Byron V. Acohido

There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders.

Related: Is your company moving too slow or too fast on GenAI?

One promising example of the latter comes from messaging security vendor IRONSCALES.

I had the chance to sit down with Eyal Benishti, IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce anti-phishing mitigation services.

Benishti explained how GAN can very effectively mitigate Deep Faked messages, images, audio and video using a specially-tuned LLM to stay a step ahead of threat actors, even those who themselves are utilizing GenAI/LLM tools to enhance their Deep Fakes. (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

RSAC Fireside Chat: Flexxon advances hardware-level security with its ‘Server Defender’ module

By Byron V. Acohido

Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment.

Related: World’s largest bank hit by ransomware attack

While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an expanding network attack surface, hardware security solutions can serve as a last line of defense against unauthorized access to sensitive data and tampering with systems.

I sat down with Flexxon co-founder and CEO Camellia Chan to learn more about the soft launch of Flexxon’s X-PHY® Server Defender module. This follows the success of their X-PHY® SSD endpoint security solution.

This security-tuned SSD provides real-time protection against malware, viruses, and physical tampering. (more…)

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

KINGSTON, Wash.  — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values.

Related: The power of everyman conversing with AI

Blinken

That’s a tall order. My big takeaway from RSAC 2024 is this: the advanced technology and best practices know-how needed to accomplish the high ideals Secretary Blinken laid out are readily at hand.

I was among some 40,000 conference attendees who trekked to San Francisco’s Moscone Center to get a close look at a dazzling array of cybersecurity solutions representing the latest iterations of the hundreds of billions of dollars companies expended on cybersecurity technology over the past 20 years.

And now, over the next five years,  hundreds of billions more  will be poured into shedding the last vestiges of on-premises, reactive defenses and completing the journey to edge-focused, tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

This paradigm shift is both daunting and essential; it must fully play out in order to adequately protect data and systems (more…)

MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’

By Byron V. Acohido

SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024, opening here on Monday, Microsoft is putting its money where its mouth is.

Related: Shedding light on LLM vulnerabilities

More precisely the software titan is putting money within reach of its senior executives’ mouths.

Screenshot

In a huge development, Microsoft announced today that it is revising its security practices, organizational structure, and, most importantly, its executive compensation in an attempt to shore up major security issues with its flagship product, not to mention quell rising pressure from regulators and customers.

A shout out to my friend Todd Bishop, co-founder of GeekWire, for staying on top of this development. His breaking news coverage is as thorough as you’d expect as a Microsoft beat writer with institutional knowledge going back a couple of decades. (more…)

RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities

By Byron V. Acohido

SAN FRANCISCO — It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users.

Related: LLM risk mitigation strategies

Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users.

LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb. It gives any literate human the ability to extract value from data.

Companies in all sectors are in a mad scramble to reap its benefits, even as cyber criminals feast on a new tier of exposures. As RSAC 2024 gets under way next week in San Francisco, the encouraging news is that the cybersecurity industry is racing to protect business networks, as well.

Case in point, the open-source community has coalesced to produce the OWASP Top Ten for Large Language Model Applications. Amazingly, just a little over a year ago this was a mere notion dreamt up by Exabeam CPO Steve Wilson. (more…)

RSAC Fireside Chat: Secure, flexible web browsers finally available, thanks to open-source code

By Byron V. Acohido

SAN FRANCISCO — At the end of 2000, I was hired by USA Today to cover Microsoft, which at the time was being prosecuted by the U.S. Department of Justice.

Related: Why proxies aren’t enough

Microsoft had used illegal monopolistic practices to crush Netscape Navigator thereby elevating Internet Explorer (IE) to become far and away the No. 1 web browser.

IE’s reign proved to be fleeting. Today Google’s Chrome browser —  based on the open-source code  Chromium — reigns supreme.

I bring all this up, because in 2019 Microsoft ditched its clunky browser source code and launched its Edge browser, based on open-source Chromium. (more…)

MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

By Byron V. Acohido

SAN FRANCISCO — The amazing digital services we have today wouldn’t have come to fruition without the leading technology and telecom giants investing heavily in R&D.

Related: GenAi empowers business

I had the chance to attend NTT Research’s Upgrade Reality 2024 conference here  last week to get a glimpse at some of what’s coming next.

My big takeaway: GenAI is hyper-accelerating advancements in upcoming digital systems – and current ones too. This is about to become very apparent as the software tools and services we’re familiar with become GenAI-enabled in the weeks and months ahead.

And by the same token, GenAI, or more specifically Large Language Model (LLM,) has added a turbo boost to the pet projects that R&D teams across the technology and telecom sectors have in the works.

The ramifications are staggering. The ability for any human to extract value from a large cache of data – using conversational language opens up a whole new universe of possibilities. (more…)

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

By Byron V. Acohido

The technology and best practices for treating cybersecurity as a business enabler, instead of an onerous cost-center, have long been readily available.

Related: Data privacy vs data security

However, this remains a novel concept at most companies. Now comes a Forrester Research report that vividly highlights why attaining and sustaining a robust cybersecurity posture translates into a competitive edge.

The report, titled “Embed Cybersecurity And Privacy Everywhere To Secure Your Brand And Business,” argues for a paradigm shift. It’s logical that robust cybersecurity and privacy practices need become intrinsic in order to tap the full potential of massively interconnected, highly interoperable digital systems.

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies.

Last Watchdog engaged Forrester analyst Heidi Shey, the report’s lead author, in a discussion about how this could play out well, and contribute to an overall greater good. Here’s that exchange, edited for clarity and length. (more…)

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

By Zac Amos

AI chatbots are computer programs that talk like humans, gaining popularity for quick responses. They boost customer service, efficiency and user experience by offering constant help, handling routine tasks, and providing prompt and personalized interactions.

Related: The security case for AR, VR

AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. This helps them improve their performance over time by gaining data from interactions.

In 2022, 88% of users relied on chatbots when interacting with businesses. These tools saved 2.5 billion work hours in 2023 and helped raise customer satisfaction to 69% for $0.50 to $0.70 per interaction. Forty-eight percent of consumers favor their efficiency prioritization. (more…)

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

By Byron V. Acohido

To sell us more goods and services, the algorithms of Google, Facebook and Amazon exhaustively parse our digital footprints.

Related: The role of ‘attribute based encryption’

There’s nothing intrinsically wrong with companies seeking to better understand their customers. However, over the past 20 years the practice of analyzing user data hasn’t advanced much beyond serving the business models of these tech giants.

That could be about to change. Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights.

I had the chance to visit with , senior scientist at NTT Research’s Cryptography & Information Security (CIS) Lab, to learn more about the progress being made on a promising concept called “privacy preserving aggregate statistics.” (more…)

STEPS FORWARD: How decentralizing IoT could help save the planet — by driving decarbonization

By Byron V. Acohido

The Internet of Things (IoT) is on the threshold of ascending to become the Internet of Everything (IoE.)

Related:Why tech standards matter

IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf.

This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge. Yet IoE, at this nascent stage, holds much promise to tilt us towards a utopia where technology helps to resolve our planet’s most intractable problems.

This was the theme of Infineon Technologies’ OktoberTech 2023 conference, which I had the privilege of attending at the Computer History Museum in the heart of Silicon Valley. I had the chance to visit with Thomas Rosteck, Infineon’s Division President of Connected Secure Systems (CSS.)

Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. What I found most commendable (more…)

SHARED INTEL Q&A: My thoughts and opinions about cyber threats — as discussed with OneRep

By Erin Kapcynski

Editor’s note: I recently had the chance to participate in a discussion about the overall state of privacy and cybersecurity with Erin Kapczynski, OneRep’s senior vice president of B2B marketing. OneRep provides a consumer service that scrubs your personal information from Google and dozens of privacy-breaching websites. Here is Erin’s Q&A column, which originally went live on OneRep’s well-done blog.)

For the first expert interview on our blog, we welcomed Pulitzer-winning investigative reporter Byron V. Acohido to share his ideas about the current cyber threat landscape, the biggest threats for businesses today, the role of AI and machine learning in cyberattacks and cyberdefence, and the most effective methods for companies to protect themselves.

Byron is the founder and editor-in-chief of The Last Watchdog on Privacy & Security. He previously chronicled the emergence of cybercrime while covering Microsoft for USA TODAY. His news analysis columns, podcasts, and videos are crafted to foster a useful understanding of complex privacy and cybersecurity developments for (more…)

STEPS FORWARD Q&A: Will ‘proactive security’ engender a shift to risk-based network protection?

By Byron V. Acohido

Something simply must be done to slow, and ultimately reverse, attack surface expansion.

Related: What Cisco’s buyout of Splunk really signals

We’re in the midst of driving towards a dramatically scaled-up and increasingly connected digital ecosystem. Companies are obsessed with leveraging cloud-hosted IT infrastructure and the speedy software development and deployment that goes along with that.

And yet it remains all too easy for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access.

I heard a cogent assessment of the shift that must take at the Omdia Analyst Summit at Black Hat USA 2023. In a keynote address, Omdia’s Eric Parizo, managing prinicipal analyst, and Andrew Braunberg, principal analyst, unveiled an (more…)

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

By Byron V. Acohido

Might it be possible to direct cool digital services at holistically improving the wellbeing of each citizen of planet Earth?

Preserving privacy for a greater good

A movement aspiring to do just that is underway — and it’s not being led by a covey of tech-savvy Tibetan monks. This push is coming from the corporate sector.

Last August, NTT, the Tokyo-based technology giant, unveiled its Health and Wellbeing initiative – an ambitious effort to guide corporate, political and community leaders onto a more enlightened path. NTT, in short, has set out to usher in a new era of human wellness.

Towards this end it has begun sharing videos, whitepapers and reports designed to rally decision makers from all quarters to a common cause. The blue-sky mission is to bring modern data mining and machine learning technologies to bear delivering personalized services that ameliorate not just physical ailments, but also mental and even emotional ones.

That’s a sizable fish to fry. I had a lively discussion with Craig Hinkley, CEO of NTT Application Security, about the thinking behind this crusade. I came away encouraged that some smart folks are striving to pull us in a well-considered direction. For a full drill down, please give the accompanying podcast a listen. Here are a few key takeaways:

A new starting point

Modern medicine has advanced leaps and bounds in my lifetime when it comes to diagnosing and treating severe illnesses. Even so, for a variety of reasons, healthcare sectors in the U.S. and other jurisdictions have abjectly failed over the past 20 years leveraging Big Data to innovate personalized healthcare services. (more…)

RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time

By Byron V. Acohido

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance.

Related: Browser attacks mount

Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Naturally, the flip side of cool, new browser capabilities is a yet another  expansion of the network attack surface. And this, in turn, has resulted in a surge of innovation in web browser security.

At RSAC 2024, I visited with  Vivek Ramachandran, founder of SquareX, a brand new start-up that’s in the thick of these developments. Google and Microsoft, he told me, are myopically focused on dealing with fresh coding vulnerabilities spinning out of Chrome and Edge and doing very little to stem live attacks. (more…)

GUEST ESSAY: Turning to cloud services can help SMBs scale to meet growth needs

By Brian Sibley

Meeting the demands of the modern-day SMB is one of the challenges facing many business leaders and IT operators today. Traditional, office-based infrastructure was fine up until the point where greater capacity was needed than those servers could deliver, vendor support became an issue, or the needs of a hybrid workforce weren’t being met.

Related: SMB brand spoofing

In the highly competitive SMB space, maintaining and investing in a robust and efficient IT infrastructure can be one of the ways to stay ahead of competitors.

Thankfully, with the advent of cloud offerings, a new scalable model has entered the landscape; whether it be 20 or 20,000 users, the cloud will fit all and with it comes a much simpler, per user cost model. This facility to integrate modern computing environments in the day-to-day workplace, means businesses can now stop rushing to catch up and with this comes the invaluable peace of mind that these operations will scale up or down as required. Added to which, the potential cost savings and added value will better serve each business and help to future-proof the organisation, even when on a tight budget. Cloud service solutions are almost infinitely flexible, rather than traditional on-premises options and won’t require in-house maintenance. (more…)

New alert: Logicalis enhances global security services with the launch of Intelligent Security

London, United Kingdom, May 13, 2024, CyberNewsWire — Logicalis, the global technology service provider delivering next-generation digital managed services, has today announced the launch of Intelligent Security, a blueprint approach to its global security portfolio designed to deliver proactive advanced security for customers worldwide.

Intelligent Security has been designed by Logicalis’ worldwide team of security specialists to give customers the most comprehensive observability and protection available. It is based on tracking and analysing cyber threats and knowledge of the latest prevention methods deployed across its customer base.

Logicalis’ tenth annual CIO report surveyed 1,000 CIOs globally and found that of the 83% of CIOs who experienced cyber-attacks in the last 12 months, only 43% feel prepared for another breach. Designed to help CIOs manage these pressures, Intelligent Security will leverage Logicalis’s security capabilities as well as its relationships with global partners such as Cisco and Microsoft, where it has the highest levels of security accreditations. (more…)

News alert: Criminal IP and Quad9 collaborate to exchange domain and IP threat intelligence

Torrance, Calif., May 13, 2024, CyberNewsWire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has recently signed a technology partnership to exchange threat intelligence data based on domains and potentially on the IP address to protect users by blocking threats to end users.

Criminal IP underwent rigorous data evaluation to integrate with Quad9’s threat-blocking service, demonstrating high data uniqueness and accuracy. Particularly, test results revealed a remarkable outcome: 99.1% of malicious domains identified by Criminal IP’s threat intelligence were found to be non-duplicative with other TI data.

Through this integration, Quad9 leverages the most up-to-date threat intelligence lists, incorporating data from Criminal IP’s database of malicious domains to block harmful hostnames. This process not only safeguards computers, mobile devices, and IoT systems from a diverse array of threats like malware, phishing, spyware, and botnets, ensuring privacy, but also optimizes performance.

Enhanced threat blocking

Quad9 is a free anycast DNS platform delivering robust security protections and privacy guarantees that comply with rigorous Swiss Data Protection and GDPR rules. Quad9 is operated as a non-profit by the Quad9 Foundation in Switzerland for the purpose of improving the privacy and cybersecurity of Internet users. (more…)