Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

By Byron V. Acohido

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far.

Related: What we’ve learned from the massive breach of Capitol One

At RSA 2020, I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier.

It turns out there are some housekeeping things companies can do while ingesting, leveraging and storing all of the data churning through their complex hybrid cloud networks. And by doing this housekeeping – i.e. by improving their data governance practices — companies can reap higher efficiencies, while also tightening data security.

This nascent trend derives from a cottage industry of tech vendors in the “content collaboration platform” (CCP) space, which evolved from the earlier “enterprise file sync and share”  (EFSS) space. I had the chance to sit down with Kris Lahiri, CSO and co-founder of Egnyte, one of the original EFSS market leaders. For a drill down on our discussion about how data governance has come to intersect with cybersecurity, give a listen to the accompanying podcast. Here are key takeaways:

Storage efficiencies

With so much data coursing through business networks, companies would be wise to take into consideration the value vs. risk proposition of each piece of data, Lahiri says. The value of data connected to a live project is obvious. What many organizations fail to do is fully assess – and set policies for — data they hang on to after the fact.

One reason for this is storage is dirt cheap. It has become common practice for companies to store a lot of data without really thinking too hard about it. In fact, there’s a strong case to be made for meticulously archiving all stored data, as well as getting on a routine of purging unneeded data on a regular basis. (more…)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

One Comment | Read | April 1st, 2020 | Best Practices | For technologists | Podcasts | Privacy | RSA Podcasts | Steps forward | Top Stories

Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

By Byron V. Acohido

Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One.

Related: Why cybersecurity should reflect societal values

An emerging approach, called Network Traffic Analysis, is gaining traction as, in effect, a catch-all network security framework positioned at the highest layer of the networking stack. Heavyweights Cisco and FireEye are playing in this space. And so are a couple of dozen other vendors, many of them extending over from the network performance monitoring arena.

I had a lively discussion at RSA 2020 with one of these vendors, Accedian, a 15-year-old company based in Montreal, Canada. For a full drill down on my discussion with Michael Rezek, Accedian’s vice president of business development and cybersecurity strategy, give a listen to the accompanying podcast. Here are excerpts of my interview with Rezek, edited for clarity and length.

LW: How would you frame the security challenge companies are facing today?

Rezek: IT infrastructure today is more distributed than it has ever been, whether it’s Platform as a Service, Infrastructure as a Service, or cloud, multi-cloud, or hybrid cloud. This distribution of IT assets creates far more network dependencies than it ever has before.

Comment | Read | March 26th, 2020 | For technologists | New Tech | Podcasts | RSA Podcasts | Steps forward | Top Stories

SHARED INTEL: FireMon survey shows security lags behind fast pace of hybrid cloud deployments

By Byron V. Acohido

Corporate America’s love affair with cloud computing has hit a feverish pitch. Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level.

Related: Why some CEOs have quit tweeting

That’s the upshot of FireMon’s second annual State of Hybrid Cloud Security Report of 522 IT and security professionals, some 14 percent of whom occupy C-suite positions.

Nearly 60 percent of the respondents indicated the pace of their cloud deployments have surpassed their ability to secure them in a timely manner. Notably, that’s essentially the same response FireMon got when it posed this same question in its inaugural hybrid cloud survey some 14 months ago.

That’s not a good thing, given migration to cloud-based business systems, reliance on mobile devices and onboarding of IoT systems are all on an upward sweep. “It doesn’t seem like we’ve moved the needle on security at all,” says Tim Woods, vice president of technology alliances at FireMon, the leading provider of automated network security policy management systems.

I had the chance to visit with Woods at RSAC 2020 in San Francisco recently. For a full drill down on our discussion, please give a listen to the accompanying podcast. Here’s a summary of key takeaways:

Shared burden confusion

Hybrid cloud refers to the mixing and matching of on-premise IT systems, aka private clouds, with processing power, data storage, and collaboration tools leased from public cloud services, such as Amazon Web Services, Microsoft Azure and Google Cloud. Hybrid clouds are being leveraged to refresh legacy networks, boost productivity and innovate new software services at breakneck speed, to keep pace with rivals.

Comment | Read | March 18th, 2020 | For technologists | My Take | Podcasts | Privacy | RSA Podcasts | Top Stories

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

By Byron V. Acohido

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled.

Related: The promise and pitfalls of IoT

At the technology level, two fundamental things must get accomplished. First, the identities of any two digital entities – a sensor and a control server, for instance, or even a microservice and a container —  must be authenticated, and, second, the data exchanged between any two such digital instances must be encrypted.

The good news is that the technology to do this – on the fly and at the massive scale required — exists and is being reinforced. I’m referring to the Public Key Infrastructure, or PKI, and the underlying TLS/SSL authentication and encryption protocols.

The PKI framework revolves around distributing and continually managing digital certificates, issued by Certificate Authorities (CAs). PKI today appears to be in very good shape (link) and is on track to become even more robust, which it will have to be in order to function seamlessly at the massive scale required.

Consider this: just five years ago, a large enterprise was typically responsible for managing, at most, a few million digital certificates. But as IoT systems gain more and more traction, that number will climb into the hundreds of million, per company.

Setting priorities

The core IoT challenge, going forward, is not about technology —  it’s about corporate priorities. It is incumbent upon enterprises plunging forward with digital transformation to embed security and emphasize cyber hygiene – much more so than they generally do today.  IoT device manufacturers must embed basic security protocols at a granular level, and corporate captains must instill a security-first culture — to a level much deeper than is common today.

“If you’re not authenticating connections and you’re not encrypting your … more

Comment | Read | March 4th, 2020 | For technologists | My Take | Podcasts | Steps forward | Top Stories

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

By Byron V. Acohido

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility is the name of the game. And everyone’s all-in.

Related: A firewall for microservices

DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility.

If you’re thinking that speed and security are like oil and water, you’re right. At RSA 2020, I had an eye-opening discussion with Rohit Sethi, CEO of Security Compass, about this. Sethi walked me through some of the limitations of DevSecOps, as well as the approach Security Compass is taking to help shore it up. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways:

The speed imperative

Software has become the life blood of virtually all industries. As companies have come to realize how pivotal software is, an urgency has arisen to develop code as quickly as humanly possible.

Fail fast. That’s become the mantra of DevOps. Pour everything into quickly deploying minimally viable software to learn where it works or fails, and then iterate and remediate on the fly. Fail fast has replaced the methodical, linear approach to developing software, which sought to achieve a perfect product.

One Comment | Read | March 31st, 2020 | For technologists | New Tech | Podcasts | RSA Podcasts | Steps forward | Top Stories

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

By Byron V. Acohido

Agile software innovation is the order of the day. Wonderous digital services are the result.

Related: Micro-segmentation taken to the personal device level

The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups — is getting scaled up, as well.

Enter micro-segmentation; or microsegmentation, depending on which cybersecurity vendor you’re talking to.

Micro-segmentation is a fresh approach to defending company networks that is actually a throwback to a 30-year-old security concept, called network segmentation. It’s a way to replace the clunky controls that were designed to cordon off certain zones of on-premises IT infrastructure with sleek, software-defined controls that are more fitting for the hybrid cloud networks that will take us forward.

Micro-segmentation got a lot of attention at RSA 2020. I had the chance to learn more about how it works, and why it holds so much promise, in a visit with Pavel Gurvich, co-founder and chief executive officer of Tel Aviv, Israel-based Guardicore, one of the leading players in this space. For a full drill down on our conversation, give the accompanying podcast a listen. Here are the key takeaways:

Micro-managing workloads

Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog. DevOps has taken center stage. Software innovation happens by combining “microservices” within “software containers” that circulate in virtual “storage buckets,” spun up in Amazon Web Services (AWS,) Microsoft Azure and Google Cloud.

One Comment | Read | March 30th, 2020 | For technologists | New Tech | Podcasts | RSA Podcasts | Steps forward | Top Stories

MY TAKE: Deploying ‘machine learning’ at router level helps companies prepare for rise of 5G

By Byron V. Acohido

Machine learning (ML) and digital transformation (DX) go hand in glove.

We’ve mastered how to feed data into pattern-recognition algorithms. And as we accelerate the digitalization of everything, even more data is being generated.

Related: Defending networks with no perimeter

Machine learning already is deeply embedded in the online shopping, banking, entertainment and social media systems we’ve come to rely on. Meanwhile, criminal hacking groups increasingly leverage ML  to pillage those very same online systems.

At RSA 2020, I was encouraged by strong evidence that the cybersecurity industry has now jumped fully on board the ML bandwagon. Juniper Networks, known for its high-performance routers, is in the vanguard of established technology and cybersecurity vendors applying ML and automation to defend company networks.

I had the chance to sit down with Laurence Pitt, Juniper’s global security strategy director. We had a lively discussion about the surge of fresh data about to hit as 5G interconnectedness gains traction — and how this will surely result in a spike in fresh vulnerabilities. For a full drill down please give the accompanying podcast a listen. A few key takeaways:

Trust factor

This is an exciting time in the world of network security, with the growth of 5G pushing industries into a world where virtually anything can be connected. The proliferation of connected devices means that anything with a vulnerability can become an attack vector for the network, however, and it requires massive resources to manage all these systems and identify possible threats.

Comment | Read | March 25th, 2020 | Best Practices | For technologists | My Take | Podcasts | RSA Podcasts | Top Stories

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

By Byron V. Acohido

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day.

I’ve written about the how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

Related: ‘Risk-based’ analysis used in SOAR

At RSA 2020, I learned about yet another emerging approach, with supporting technology, called  Security Operations Platform (SOP.) At a high level, the role of a SOP is to help squeeze more efficiency – and effectiveness – out of the dense stack of security systems already deployed in the Security Operations Centers (SOCs) of mid-sized and large enterprises.

Next-gen firewall pioneer Palo Alto Networks has staked out turf in the emerging SOP space. I had the chance to visit with a brand spanking new SOP player, QuoLab Technologies, which had its U.S. launch at RSA 2020. QuoLab actually has been refining its core technology for two and a half years as part of QuoScient, the Frankfurt, Germany-based cybersecurity vendor from which it was spun out. For a full drill down on my conversation with Dan Young, QuoLab’s co-founder and chief operating officer, please give the accompanying podcast a listen. Here are my key takeaways:

Team infrastructure

It’s often said that security is a team sport. Or at least it should be. SIEM — security information and event management – is an approach to ingesting event and log data from core IT systems, as well as from the wide array of security systems most enterprises have in place. SIEMs sift out any packets of data that looks out of the ordinary.

One Comment | Read | March 24th, 2020 | For technologists | New Tech | Podcasts | RSA Podcasts | Steps forward | Top Stories

NEW TECH: WhiteHat Security tackles ‘dangling buckets,’ other new web app exposures

By Byron V. Acohido

WhiteHat Security got its start some 17 years ago in Silicon Valley to help companies defend their public-facing websites from SQL injection and cross-site scripting hacks.

Related: Mobile apps are full of vulnerabilites

Both hacking methods remain a problem today. Yet organizations have many more application security headaches to resolve these days. As companies integrate digital technology into every aspect of their daily business operation, WhiteHat has seen strong demand for its innovative cloud-based application security platform.

I caught up with Bryan Becker, WhiteHat Security product manager, at the RSA 2020 Conference in San Francisco recently. In a wide-ranging discussion, we examined how local governments have become prime targets of ransomware purveyors, and why APIs translate into a vast new attack surface. For a full drill down please give the accompanying podcast a listen. A few key takeaways:

Targeting local government

For decades, nation-state attacks have caused serious havoc across the world, primarily targeting critical infrastructure such as power grids and industrial control systems, as well as government agencies, often disrupting operations and leaking sensitive information. Russia’s multiple take downs of Ukraine’s power grid and Chinese plundering of the U.S. Office of Personnel Management are two prime examples.

In the past several years however, state governments and municipalities that have come under withering ransomware attacks. What’s more, election tampering at the local level has become an established component of national elections.

Comment | Read | March 19th, 2020 | Best Practices | For technologists | New Tech | Podcasts | RSA Podcasts | Steps forward | Top Stories

Older Articles »