My Take
MY TAKE: Get ready to future-proof cybersecurity; the race is on to deliver ‘post-quantum crypto’

By Byron V. Acohido

Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers.

PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Put another way, future-proofing encryption is crucial to avoiding chaos. Imagine waiting for a quantum computer or two to wreak havoc before companies commence a mad scramble to strengthen the encryption that protects sensitive systems and data. The longer we wait, the bigger the threat gets.

Related: The case for ‘zero-trust’

The tech security community gets this. One recent report estimates that the nascent market for PQC technology will climb from around $200 million today to $3.8 billion by 2028 as the quantum threat takes center stage.

I had the chance to visit at RSA 2019 with Avesta Hojjati, head of research and development at DigiCert. The world’s leading provider of digital certificates is working alongside other leading companies, including Microsoft Research and ISARA, to gain endorsement from the National Institute of Standards for breakthrough PQC algorithms, including Microsoft’s “Picnic” and ISARA’s qTESLA.

Hojjati outlined the challenge of perfecting an algorithm that can make classical computers resistant to quantum hacking — without requiring enterprises to rip-and-replace their classical encryption infrastructure. For a full drill down of our discussion, give a listen to the accompanying podcast. Below are excerpts edited for clarity and length.

LW: What makes quantum computing so different than what we have today? …more

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

By Byron V. Acohido

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds.

Related: How NSA cyber weapon could be used for a $200 billion ransomware caper

Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is treading tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Launched in 2013 by Nir Polak, a former top exec at web application firewall vendor Imperva, Exabeam in just half a decade has raised an eye-popping $115 million in venture capital, grown to almost 350 employees and reaped over 100 percent revenue growth in each of the last three years.

I had the chance to visit with Trevor Daughney, Exabeam’s vice president of product marketing at RSA 2019. He explained how Exabeam has taken some of the same data analytics techniques that banks have long used to staunch credit card fraud and applied them to filtering network data logs. For a full drill down on our conversation, please listen to the accompanying podcast. Here are a few takeaways:

Very Big Data

The earliest SIEMs cropped up around 2005 or so. Led by the likes of Splunk, LogRhythm, IBM and Exabeam, the global SIEM market is expected to grow to over $5 billion annually in 2022.

Related: Autonomous vehicles are driving IoT security innovation

Fundamentally, SIEMs collect event log data from internet traffic, as well as corporate hardware and software assets. The starting idea was for a security analyst to then sift meaningful security intelligence from a massive volume of potential security events and keep intruders out. Yet, SIEMs never quite lived up to their initial promise.

And now, Big Data is about to become Very Big Data. Consider that 90 percent of the data that exists in the world today was generated in just the past couple of years. That includes everything moving across the internet: email, texting, online searches, social media posts, entertainment streaming, global finance, scientific research and cyber warfare. And on the horizon loom a full blown Internet of Things (IoT) and 5G networks, which will drive data generation to new heights. …more

NEW TECH: Votiro takes ‘white-listing’ approach to defusing weaponized documents

By Byron V. Acohido

It’s hard to believe this month marks the 20th anniversary of the release of the devastating Melissa email virus which spread around the globe in March 1999.

Related: The ‘Golden Age’ of cyber espionage is upon us

Melissa was hidden in a weaponized Word document that arrived as an email attachment. When the recipient clicked on the Word doc, a macro silently executed instructions to send a copy of the email, including the infected attachment, to the first 50 people listed as Outlook contacts.

Unfortunately, despite steady advances in malware detection and intrusion prevention systems, and much effort put into training employees to be wary of suspicious email, weaponized email and document-based malware remain as virulent and pervasive as they were two decades ago.

The Defense Department, for instance, detects 36 million malware-infested emails arriving from hackers, terrorists and foreign adversaries every 24 hours. That translates into an onslaught of some 13 billion weaponized emails raining down on the Pentagon on an annual basis. This gives you an idea of the steady flow of weaponized email attacks against companies of all sizes and in all sectors, with certain verticals, namely financial services, healthcare companies and tech firms, bearing the brunt.

I had a revelatory discussion about this with Aviv Grafi, CEO of Votiro, at RSA 2019 in San Francisco last week. Votiro is a Tel Aviv-based security startup that is pioneering a new white-listing approach to help companies mitigate their exposure to weaponized email and document-distributed malware. For a full drill down, please listen to the accompanying podcast. The key takeaways:

Productivity vs. security

Threat actors fully grasp that humans will forever remain the weak link in any business network. And they’re accomplished at sidestepping the latest perimeter and near-perimeter defenses. Meanwhile, they’ve also become adept at manipulating widely-used, legitimate workplace tools, for instance, …more

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

By Byron V. Acohido

When news broke about the crash of an Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved.

Related: Historical context of the rudder flaws on older model 737s

Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation. But having chronicled the saga of the 737 flawed rudder design, which Boeing ultimately replaced, here is what I’m wondering:

• I wonder if this will turn out to be yet another in a long …more

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

By Byron V. Acohido

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy.

Related: We’re in the midst of ‘cyber Pearl Harbor’

Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT security systems.

In a sense, memory attacks are a reflection of what has been left out of the $216 billion companies spent over the past two years on security products and services. That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Memory hacking is being carried out across paths that have been left comparatively wide open to threat actors who are happy to take full advantage of the rather fragile framework of processes that execute deep inside the kernel of computer operating systems.

Last Watchdog recently sat down with Satya Gupta, founder and CTO of Virsec, a San Jose-based supplier of advanced data protection systems. Virsec is a leading innovator of memory protection technologies. Gupta put memory attacks in context of the complexity that has overtaken modern business networks. Here’s what I took away from our discussion:

Transient hacks

Memory hacking has become a go-to technique used both by common cybercriminals, as well as nation-state backed hacking specialists. Threat actors are crafting memory attacks designed to help them gain footholds, move laterally and achieve persistence deep inside well-defended enterprise networks.

Microsoft, supplier of the Windows operating system used ubiquitously in enterprise networks, recently disclosed that fully 70% of all security bugs pivot off what the software giant refers to as “memory safety issues.”

These are issues that are coming into play in all other major OSs, as well as at the processing chip level of computer hardware.

For instance, a major vulnerability was discovered lurking in the GNU C Library, or GLIBC, an open source component that runs deep inside of Linux operating systems used widely in enterprise settings. GLIBC keeps common code in one place, thus making it easier for multiple programs to connect to the company network and to the Internet. Turns out it was possible for a threat actor to flood GLIBC with data, take control of it, and then use it as a launch point for stealing passwords, spying on users and attempting to usurp control of other computers. …more

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

By Byron V. Acohido

Google, Facebook and Amazon have gotten filthy rich doing one thing extremely well: fixating on every move each one of us makes when we use our Internet-connected computing devices.

Related: Protecting web gateways

The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. This has largely shaped the digital lives we’ve come to lead.

Turns out all of this online profiling has a dark side. Cybercriminals have begun escalating their efforts to bend the legitimate online advertising and retailing fulfillment ecosystem to their whims.

This development is unfolding largely off the radar screen of the website publishers who depend on this ecosystem, says Chris Olson, CEO of the Media Trust, a 15-year-old website security vendor, based in McLean, VA that is on the front lines of mitigating this seething threat.

Meanwhile, billions of consumers who participate in this ecosystem each minute of every day remain blissfully ignorant of how they are increasingly being placed in harm’s way, simply doing routine online activities, Olson told Last Watchdog.

Losing control of risk

Like most other pressing cybersecurity challenges today, the problem is rooted in digital transformation. Specifically, to make their digital operations ever more flexible and agile, enterprises have grown ever more reliant on third-party software developers. …more

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

By Byron V. Acohido

As companies make more extensive use of ever more capable – and complex – digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through.

Related: Applying ‘zero trust’ to managed security services

So why hasn’t the corporate sector been more effective at locking down access for users? It’s not for lack of trying. I recently discussed this with Chris Curcio, vice-president of channel sales at Optimal IdM, a Tampa, Fla.-based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions.

Curcio walked me through how identity management technologies evolved over the past two decades. He pointed out how they’ve gone through a series of consolidations, including one unfolding right now. I found this historical overview to be quite instructive. It shed light on how we got to this era of companies struggling to secure highly complex networks, housed on-premises and in overlapping public and private clouds, while at the same time striving to optimize the productivity of employees and – increasingly – third-party suppliers and contractors.

Fortunately, the identity management space has attracted and inspired some of the best and brightest tech security innovators and entrepreneurs. And the encouraging news is that the best of them have, once again, begun to seek out alliances in an effort to elevate baseline protections. Here are takeaways from our fascinating discussion:

Access pain points

As this century began, and companies began assembling the early iterations of modern business networks, there was a big need for employees to log into company email systems and business applications. So along came a group of startups supplying “single sign-on” capability – a way for a user to access multiple applications with one set of credentials.

A separate set of startups soon cropped up specifically to handle the provisioning of logon accounts that gave access to multiple systems, and also the de-provisioning of those accounts when a user left the company. It wasn’t too long before the single sign-on suppliers and the provisioning vendors began to merge; most of the leaders were acquired by tech giants like Oracle, IBM, Cisco, CA Enterprises and Sun Microsystems.

Not long afterwards, in about the 2010 time frame, IAM vendors first arrived on the scene, including Optimal IdM, Centrify, Okta and CyberArk, followed by many others. These vendors all spun out of the emergence of a new set of protocols, referred to as federated standards, designed to manage and map user identities across multiple systems. The IAM vendors took single sign-on to the next level, adding multi-factor authentication and other functionalities. …more