Home Podcasts Videos Guest Posts Q&A My Take Bio Contact

My Take


Why antivirus has endured as a primary layer of defense — 30 years into the cat vs. mouse chase

By Byron V. Acohido

Antivirus software, also known as antimalware, has come a long, long way since it was born in the late 1980’s to combat then nascent computer viruses during a time when a minority of families had a home computer.

One notable company’s journey in the space started in 1987 when three young men, Peter Paško, Rudolf Hrubý, and Miroslav Trnka, built one of the earliest antivirus prototypes while working out of a house in the former Czechoslovakia. A few years later they formally launched ESET in the central European country of Slovakia in the city of Bratislava.

Related article: NSA super weapons fuel cyber attacks

ESET has endured as part of a select group of legacy antivirus companies that got started in that era. The list includes Avira, Avast, AVG, Bitdefender, F-Secure, G Data, Kaspersky, McAfee, Panda, Sophos, Symantec and Trend Micro.

It’s amazing that these companies all continue to thrive years later, long after pundits declared traditional antivirus too anachronistic to keep pace with the rise of ecommerce, cloud computing, mobile computing and now the Internet of Things. But they were wrong.

Today the “endpoint security” market, which includes antimalware, antispyware and firewalls, is as healthy as ever; research firm Marketsandmarkets estimates global spending on endpoint security will rise to $17.4 billion by 2020, up from $11.6 billion in 2015, a robust 8% per annum growth rate.

I had the chance to discuss ESET’s evolution from traditional antivirus to a full suite of security solutions (ransomware protection, threat intelligence, encryption and the like) with Tony Anscombe, ESET’s global security evangelist, at RSA Conference 2018. For a drill down on our conversation please give the accompanying podcast a listen. A few big takeaways: …more

MY TAKE: Why DDoS attacks continue to escalate — and how businesses need to respond

By Byron V. Acohido

Law enforcement’s big win last month dismantling ‘Webstresser,’ an online shopping plaza set up to cater to anyone wishing to purchase commoditized DDoS attack services, was a stark reminder of the ever present threat posed by Distributed Denial of Service attacks.

Related video: How DDoS attacks leverage the Internet’s DNA

The threat actors running Webstresser accepted all paying customers — no questions asked.  Anybody could use Webstresser’s online payment system to rent out stressers or booters, available for hire for as little as $18 per month — and most effective at flooding targeted servers with traffic, no technical skills required.

Webstresser had more than 136,000 registered users who patronized it to launch some 4 million DDoS attacks against government agencies, banks, police and gambling sites, according to Europol. Keep in mind, Webstresser is just one colorful example of how far DDoS attacks have come.

DDoS originated a decade or more before anyone ever thought up ransomware attacks; and DDoS has advanced and expanded, approximately on par with targeted phishing and leading-edge data breach tactics.

I recently had a chance to discuss the current state of DDoS threats with Lee Chen, CEO of A10 Networks, a leading supplier of advanced DDoS detection and mitigation systems. For a full drill down on our discussion please listen to the accompanying podcast. Here are a few takeaways: …more

MY TAKE: Why the unfolding SIEMs renaissance fits hand-in-glove with ‘digital transformation’

SIEM systems have been on the comeback trail for a few years now. And now SIEMs could be on the verge of a full-blown renaissance.

Related article: Freeing SOC analysts from tedious tasks

I spoke with several vendors who are contributing to this at RSA Conference 2018. One of them  was Securonix, a supplier advanced next-generation SIEM  (security and information management) technology. The Addison, Tex.-based company is also a leading innovator in UEBA (user and entity based analytics) systems.

For a full drill down of my conversation with Nitin Agale, Securonix’s SVP of products, please listen to the accompanying podcast. A few takeaways from our discussion:

SIEMs’ second wind

SIEMs, you may recall, first cropped up in 2005, and, at the time, got unfairly hyped as something of a silver bullet. SIEMs are designed as a tool to collect event log data from internet data as well as corporate hardware and software assets, and then cull meaningful security intelligence from a massive volume of potential security events.

For a number of reasons, SIEMs never quite lived up to their initial promise. Now, 13 years later, we’re in the midst of a “digital transformation” that has resulted in an exponential increase in the volume of business data, much of it circulating in the cloud. …more

MY TAKE: Oracle aims to topple Amazon in cloud services — by going database-deep with security

By Byron V. Acohido

Ahoy, Jeff Bezos and Amazon. Watch out! Larry Ellison and Oracle are coming after you.

The ever feisty Ellison, 73, founder of Oracle and an America’s Cup sailing champion, recently tacted the good ship Oracle onto a new course. Last October, Ellison announced the launch of a pioneering set of automated cloud services, and boasted that these new tools will help Oracle overtake Amazon as a leading cloud services provider.

Related article: Companies need a compliance strategy

Notably, a linchpin to Oracle’s new cloud strategy is cybersecurity. Specifically, the company has come up with technology the directs machine learning anomaly detection capabilities much deeper than any other security vendor has gone heretofore – into the database layer of company networks.

I recently …more

GUEST ESSAY: Rising workplace surveillance is here to stay; here’s how it can be done responsibly

By Elizabeth Rogers

People often recite the cynical phrase that ‘privacy is dead.’  I enthusiastically disagree and believe, instead, that anonymity is dead.

One area where this is being increasingly demonstrated is in the workplace. Employee surveillance has been rising steadily in the digital age. And because it’s difficult, if not impossible, to keep ones digital work life separate from ones digital private life, the potential for abuse to happen while carrying out an employee surveillance program is real.

Related video: SXSW panel hashes over employee monitoring

However, I firmly believe that, together, we can preserve the employee privacy through clearly stated social ‘contracts’ and fair enforcement of same.

Let’s begin with the notion that employees, unless advised otherwise, have a right to privacy in the workplace. However, the scales also tip in favor of the employer to monitor threats to  the company’s intellectual property.

Unique ties

Employers and employees share a unique relationship built on trust.  When it comes to assets of the company, it is in the mutual interest of both that they stay protected.  Generally, employees will sign a contract, in the form of a Non-disclosure Agreement that yields to the …more

MY TAKE: A breakdown of why Spectre, Meltdown signal a coming wave of ‘microcode’ attacks

By Byron V. Acohido

Hundreds of cybersecurity vendors are making final preparations to put their best foot forward at the RSA Conference at San Francisco’s sprawling Moscone Center next week. This will be my 15th RSA, and I can say that there is a distinctively dark undertone simmering under this year’s event. It has to do with a somewhat under-the-radar disclosure in early January about a tier of foundational security holes no one saw coming.

Related article: Meltdown, Spectre foreshadow another year of nastier attacks

Spectre and Meltdown drew a fair amount of mainstream news coverage. But I fear their true significance hasn’t resonated. We now know that there will be no quick way to fix this pair of milestone vulnerabilities that lurk in the architecture of just about every modern processor chip.

As I get ready to head to RSA, it struck me that none of the legacy security systems being hyped at the glitzy exhibition booths I’ll see at RSA seem able to solve this problem or mitigate the risks.


“Spectre and Meltdown will be the enormous elephants in the room at RSA”, said Atiq Raza, CEO of security firm Virsec. “The chip and OS vendors have failed with multiple patches and are asking for patience. Meanwhile, few security vendors understand or monitor what happens between applications and processors. This is leaving most customers worried and scratching their heads.”

Chip/kernel 101

To understand how profoundly Spectre and Meltdown have changed the cybersecurity landscape requires a bit of technical context. Processor chips are formally referred to as the Central Processing Unit, or CPU. These are the semiconductor chips manufactured by Intel, AMD, ARM and a few others.

CPUs give life to any computing device you can name. CPUs interact with the operating system, or OS, such as Windows, Macintosh, iOS and Linux. The OS, in turn, enables applications such web browsers, smartphones, business apps, web apps, games, video — and the digital infrastructure behind them — to run.

Around 1995, CPUs started getting dramatically faster and have been getting incrementally faster ever since. This happened both because of improvements in the hardware and clever ways engineers found to make processes more efficient. Every OS has a core piece of software, called the kernel, that manages and directs how each application can tap into the CPU. Keep in mind, …more

MY TAKE: How behavior monitoring can reduce workplace violence, protect sensitive data

By Byron V. Acohido

In Minority Report police use three mutated humans, called Precogs, who can previsualize crimes, to stop murders before they take place, reducing the Washington D.C. murder rate to zero. The Phillip K. Dick novella ( brought to the big screen by Tom Cruise) is set in 2054.

Yet here we are in 2018 with large data sets collected and stored on each individual who uses a phone and/or computer. Not only that, it’s possible to apply machine learning processes to these vast stores of data, create detailed behavior profiles of each consumer or worker and, well, do something along the lines of what Precogs do in Dick’s imagined future.

I had the privilege of leading a thought-provoking panel discussion drilling down on how this capability is just beginning to be introduced in the workplace. It is in the context of detecting network intruders, but it could also be extended to help companies reduce workplace violence.

Driving forces

Matt Moynahan, CEO of Forcepoint, supplied the technical backdrop, while Elizabeth Rogers, a privacy and data security partner at Michael Best & Friedrich, supplied expert insights on the legal and social implications. You can view the full panel discussion in the accompanying YouTube video.

It’s clear companies will increasingly use technology to monitor employees’ behaviors in the company network. This primary driving force is …more