Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

For consumers

 

RSAC Fireside Chat: Uptycs emulates Google, Akamai to protect cloud-native apps and endpoints

By Byron V. Acohido

The inadequacy of siloed security solutions is well-documented.

Related: Taking a security-first path

The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing.

At RSA Conference 2023 I visited with Elias Terman, CMO, and Sudarsan Kannan, Director of Product Management, from Uptycs, a Walthan, Mass.-based supplier of “unified CNAPP and EDR ” services.

They described how Uptycs is borrowing proven methodologies from Google, Akamai, SAP and Salesforce to harness normalized telemetry that enables Uptycs to correlate threat activity — wherever it is unfolding. Please give a listen to the accompanying podcast for a full drill down.

Guest experts: Elias Terman, CMO, Sudarsan Kannan, Director of Product Management, Uptycs

Kannan described how Uptycs technology platform was inspired by Google’s dynamic traffic monitoring, Akamai’s content distribution prowess and Salesforce’s varied use cases based on a single data model, to help companies materially upgrade their security posture. The aim, he says, is to think like attackers, who certainly don’t operate in silos.

Terman offered the analogy of a “golden thread” stitching together varied threat activities and serving as a cloud security early warning system. The entire value chain is thereby protected, Kannan added, from the developers writing the code to automated connections to critical cloud workloads.

Terman detailed how Uptycs’ platform, indeed, touches everything within the modern attack surface and, in doing so, breaks down legacy silos and facilitates  better security outcomes.

This is part and parcel of the helpful dialogue that will carry us forward. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

By Eric Sugar

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour.

Related: Tapping hidden pools of security talent

Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them. This problem, called ransomware, explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups.

Cyberattacks can also lead to a loss of productivity. When your team can’t do their work because they don’t have access to the systems or these are unavailable, everything gets delayed and projects fall behind.

Finally, don’t forget the bad press that results for businesses when they are hacked. This isn’t the kind of exposure you want for your brand.

Compliance

If your organization is privy to confidential data, then you’re in charge of protecting it, and the law will hold you accountable for doing so.

The penalties for failing to protect this data can be steep. Depending on the type of information businesses lost and how they tried to protect it, they can be fined up to five percent of their revenue.

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

By Kolawole Samuel Adebayo

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.

Related: Privacy rules for vehicles

As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows.

The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.

What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. The rapid advancements in electric vehicles (EVs) has only served to heighten these concerns.

Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. He told Last Watchdog that apart from conventional attacks, such as data theft and vehicle theft, much more worrisome types of attacks are emerging. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

By Sara Velasquez Posada

There is no doubt there is a constant and growing concern amongst CEO’s, and particularly CISO’s, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks.

According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills’, considering the new and more sophisticated emerging threats developed by malicious actors.

These stats are both alarming, and pose an important question that we will try to help you figure out : Where are you supposed to find the right cybersecurity talent for your organization?

Various industries, particularly those that have been recently targeted the most by cyber attackers (such as critical infrastructure and even governmental entities) have increased their need for hiring cybersecurity talent.

And even though people are becoming increasingly aware of the immense possibilities that exists when starting a career in the field, the pace at which they are gaining the required skills and knowledge to meet the security needs of organizations is not as high as the growing demand for their assistance.

To ensure your organization hires the best cybersecurity talent currently available in the market, we have gathered a list of tips that can be helpful during this critical process:

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

By Byron V. Acohido

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely.

Related: CMMC mandates best security practices

Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

At RSA Conference 2023 , which gets underway next week at San Francisco’s Moscone Center, I expect that there’ll be buzz aplenty about the much larger role MSSPs seem destined to play.

I had the chance to visit with Geoff Haydon, CEO of Ontinue, a Zurich-based supplier of a managed extended detection and response (MXDR) service. We discussed the drivers supporting the burgeoning MSSP market, as well as where innovation could take this trend.

Guest expert: Geoff Haydon, CEO, Ontinue

For its part, Ontinue is leveraging Microsoft collaboration and security tools and making dedicated cyber advisors available to partner with its clients. “Microsoft has emerged as the largest, most important cybersecurity company on the planet,” Haydon told me. “And they’re also developing business applications that are very conducive to delivering and enriching a cyber security program.”e

I covered Microsoft as a USA TODAY technology reporter when Bill Gates suddenly ‘got’ cybersecurity, so this part of our discussion was especially fascinating. For a drill down, please give the accompanying podcast a listen. Meanwhile, I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

MY TAKE: Putin’s weaponizing of ransomware shows why network security needs an overhaul

By Byron V. Acohido

At 10 am PDT, next Wednesday, April 19th,  I’ll have the privilege of appearing as a special guest panelist and spotlight speaker on Virtual Guardian’s monthly Behind the Shield cybersecurity podcast.

Related: The Golden Age of cyber spying is upon us

You can RSVP – and be part of the live audience – by signing up here. The moderator, Marco Estrela, does a terrific job highlighting current cybersecurity topics ripped from the headlines. For my part, I’m going to ‘follow the money’ with respect to the strategic use of weaponized ransomware on  the part of Vladimir Putin.

I recently had the chance to drill down on this topic as part of a Last Watchdog Fireside Chat podcast I’m currently producing. Stay tuned for my eye-opening discussion with BullWall, a Danish startup that’s in the midst of helping companies effectively mitigate cyber extortion.

Meanwhile, in the April 19th episode of Behind the Shield,  I’m going to attempt to summarize the big theme I’m hearing from BullWall and numerous other security vendors as I get ready to make the trek to San Francisco’s Moscone Center to cover RSA Conference 2023 in person – after two years of covering it remotely.

And that theme is . . . the unfolding reconstitution of network defense. There’s a common thread running through all of the advanced tools, new security frameworks and innovative security services that are rapidly gaining traction.

At some level, they all drive us in the direction of creating a new tier of overlapping, interoperable, highly automated security platforms.  The end game quite clearly must be to bake security deep inside the highly interconnected systems that will give us climate-rejuvenating vehicles and buildings and spectacular medical breakthroughs.

I’ll get this discussion going at Virtual Guardian’s Behind the Shield podcast next week. And I’ll try to ramp it up in my upcoming series of Last Watchdog RSA Insights Fireside Chat podcasts … more

GUEST ESSAY: Cyber hygiene need not be dreary — why engaging training is much more effective

By Lise Lapointe

Instilling a culture of cyber security at your organization requires your people to maintain a high level of knowledge and awareness about cyber security risks—and that takes an effective, impactful, and ongoing security awareness program.

Related: Deploying employees as human sensors

However, a security awareness program is only as good as its content. To ensure that your end users retain core concepts and knowledge, it’s important to contextualize topics and keep your people engaged during the entire training process.

Additionally, to hold their interest, the content must be fun.These results are achieved in a few different ways. Let’s take a closer look.

Make it engaging!

First and foremost, your security awareness program’s content must be engaging. Break up lessons into bite-size morsels, and carefully divide them by topics. Keep the interface simple, and include an interactive component, such as a short quiz, in each lesson.

Also, tailor content to the user’s specific role within the organization. You might show someone in a manager role, for example,