Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

For technologists


Black Hat Fireside Chat: ‘UEM’ solutions seek to protect endpoints, preserve user experience

By Byron V. Acohido

LAS VEGAS — Shadow IT and BYOD security exposures have long bedeviled businesses – ever since the iPhone and Dropbox first came on the scene.

Covid 19 only intensified the problem of how to securely manage the personally owned devices and unvetted apps employees gravitate to.

At Black Hat USA 2023, taking place here this week, suppliers of unified endpoint management (UEM) solutions collectively will lay out a roadmap for resolving Shadow IT and BYOD once and for all.

UEM vendors range from tech giants IBM, Microsoft and Google to a swelling cottage industry of startups and mid-sized suppliers of mobile device and vulnerability management services.

I had the chance to visit with Ashley Leonard, CEO of Syxsense, a Newport Beach, Calif.-based vendor

GUEST ESSAY: Why any sudden influx of spam emails is an indicator of a likely security issue

By Zac Amos

We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack.

Related: How AI can relieve security pros

What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails. It may also be a part of a more targeted attack. There are four main causes of spam emails:

•Sold email: Websites sometimes sell email address information to third parties.

•Spam interaction: Previous interactions with spam are a signal to scammers. They send more messages when they know the account is active and possibly interested.

•Leaked email: Companies or third-party vendors put email address security at risk when they experience data breaches.

•Mailing list: Signing up for a mailing list may trigger spam. Even without hitting enter,

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

By Byron V. Acohido

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time.

Related: Going on the security offensive

Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Enter advanced pentesting. One of the hot topics at Black Hat USA 2023, which ramps up here this week in the desert heat, is how automation and machine learning are underpinning pentesting solutions deeply and continuously. This self-service, self-directed, continuous infrastructure pentesting approach allows organization to discover their exploitable attack surfaces and reduced their risk.

I had the chance to visit with someone in the thick of this important shift: Snehal Antani, CEO of Horizon3.ai, a San Francisco-based supplier of “autonomous” vulnerability

Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

By Byron V. Acohido

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach.

Related: A call to regulate facial recognition

That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

They qualified, by means of solving a cipher, to attend a unique event put on by JupiterOne, a Morrisville, NC-based supplier of cyber asset visibility technology. On Tuesday evening, these CISOs will head over to a secret location and immerse themselves in The Data Heist, an audience-participation whodunnit starring Sounil Yu, JupiterOne’s Security Ambassador, who is also a CISO and an author, with a supporting cast of professional actors.

The Data Heist’s opening night, if you will, was in Boston a couple of weeks ago. The cybersecurity pros in attendance had a chance to apply their skills in a festive setting – while role-playing as cyber sleuths responding to a catastrophic network breach. The audience members enthusiastically solved ciphers, uncovered hidden

Black Hat Fireside Chat: Easy come, easy go access strengthens ‘Identity Threat Detection & Response’

By Byron V. Acohido

The rise of the remote workforce, post Covid-19, did nothing to make the already difficult task of doing Identity and Access Management (IAM) any easier for CISOs.

Related: Exposing Shadow IT

With Black Hat USA 2023 ramping up in Las Vegas next week, cybersecurity startup Trustle is championing a new product category—Identity Threat Detection & Response (ITDR)—which aims to enhance the capabilities of legacy IAM solutions.

Companies today are struggling to answer fundamental questions about their cloud environments, such as, who are my users and what can they access? How did they obtain this access? When they don’t need this access, do their identities still exist? Questions like these are a driving force behind the adoption of ITDR, which is becoming a crucial component in the realm of Cloud Infrastructure Entitlement Management (CIEM) and access management.

I had the chance to sit down with Trustle CEO Emiliano Berenbaum to learn just how ITDR can help companies much more efficiently manage user identities and access privileges, while also strengthening

GUEST ESSAY: Here’s why shopping for an EV feels very much like shopping for a new laptop

By James Jeffs

Computer chips have been part of cars for a long time, but no one really cares about them until they stop working or they are late to the production line.

Related: Rasing the bar of cyber safety for autos

However, the research within IDTechEx’s “Semiconductors for Autonomous and Electric Vehicles 2023-2033” report shows that trends within the automotive industry mean consumers will soon be caring far more about what chips are in their cars. IDTechEx expects that purchasing a new vehicle will soon feel like shopping for a new laptop.

What are the main concerns when buying a laptop? For most people, it will be things like how long the battery will last, how nice the screens are, and what computer chip it comes with.

Evaluating a vehicle’s worth based on the number of cylinders, horsepower, and miles per gallon will soon be irrelevant. We already know that electric vehicles will be dominating the market soon, ticking off the choice of vehicle based on how long the battery lasts, but what about the other two criteria?

It has been hard to escape the screenification of car cabins over the past few years.

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

By Thierry Gagnon

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies.

Related: Satya Nadella calls for facial recognition regulations

Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. That all changed rather quickly.

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts.

They are simply not good enough. The sudden inadequacy of passwords has prompted broad changes to how companies must create, store, and manage them. The problem is these changes have made the user experience more convoluted and complicated.