New Tech

 

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

By Byron V. Acohido

Doing authentication well is vital for any company in the throes of digital transformation.

Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet.

Related: Locking down ‘machine identities’

At the moment, companies are being confronted with a two-pronged friction challenge when it comes to authentication. On the one hand, they’re encountering crippling friction when attempting to migrate legacy, on-premises systems to the cloud. And on the other hand, there’s no authentication to speak of – when there needs to be some – when it comes to machine-to-machine connections happening on the fly to make digital processes possible.

I had an enlightening discussion about this with Dana Tamir, vice president of market strategy for Silverfort, a Tel Aviv-based supplier of agentless multi-factor authentication technology. We spoke at RSA 2020. For a full drill down of the interview, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW: Can you frame the authentication challenge companies face today?

Tamir: One of the biggest changes taking place is that there are many more remote users, many more employees bringing their own devices, and many more cloud resources are being used. This has basically dissolved the network perimeter. You can’t assume trust within the perimeter because the perimeter doesn’t exist anymore.

And yet we know that threats exist everywhere, within our own environments, and out in the cloud. So that changes the way security needs to be applied, and how we authenticate our users. We now need to authenticate users everywhere, not only when they enter the network.

LW: What obstacles are companies running into with cloud migration?

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

By Byron V. Acohido

It can be argued that we live in a cloud-mobile business environment.

Related: The ‘shared responsibility’ burden

Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure.

Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones. And the first tools many of them grab for daily is a cloud-hosted productivity suite: Office 365 or G Suite.

The cloud-mobile environment is here to stay, and it will only get more deeply engrained going forward. This sets up an unprecedented security challenge that companies of all sizes, and in all sectors, must deal with. Cloud Access Security Brokers (CASBs), referred to as “caz-bees,” are well-positioned to help companies navigate this shifting landscape.

I had the chance to discuss this with Salah Nassar, vice president of marketing at CipherCloud, a leading San Jose, CA-based CASB vendor. We met at RSA 2020 and had a lively discussion about how today’s cloud-mobile environment enables network users to bypass traditional security controls, creating gaping exposures that, at this point, are going largely unaddressed.

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

By Byron V. Acohido

Privileged Access Management (PAM) arose some 15 years ago as an approach to restricting access to sensitive systems inside of a corporate network.

Related: Active Directory holds ‘keys to the kingdom’

The basic idea was to make sure only the folks assigned “privileged access” status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory (AD) environment.

It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. All it takes is one phished or hacked username and password to get a toehold on AD. From there, an intruder can quickly locate and take control of other privileged accounts. This puts them in position to systematically embed malware deep inside of compromised networks.

Shoring up legacy deployments of PAM and AD installations has become a cottage industry unto itself, and great strides have been made. Even so, hacking groups continue to manipulate PAM and AD to plunder company networks. And efforts to securely manage privileged access accounts aren’t going to get any easier, going forward, as companies increase their reliance on hybrid IT infrastructures.

I had the chance to discuss this with Gerrit Lansing, Field CTO at Stealthbits Technologies, a Hawthorne, NJ-based supplier of software to protect sensitive company data. We spoke at RSA 2020. For a full drill down of our discussion, give the accompanying podcast a listen. Here are the key takeaways.

Enticing target

For 90 percent of organizations, Windows Active Directory is the hub for all identities, both human and machine. AD keeps track of all identities and enables all human-to-machine and machine-to-machine communications that take place on the network. PAM grants privileges to carry out certain activities on higher level systems.

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

By Byron V. Acohido

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility are the name of the game. And everyone’s all-in.

Related: A firewall for microservices

DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility.

If you’re thinking that speed and security are like oil and water, you’re right. At RSA 2020, I had an eye-opening discussion with Rohit Sethi, CEO of Security Compass, about this. Sethi walked me through some of the limitations of DevSecOps, as well as the approach Security Compass is taking to help shore it up. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways:

The speed imperative

Software has become the life blood of virtually all industries. As companies have come to realize how pivotal software is, an urgency has arisen to develop code as quickly as humanly possible.

Fail fast. That’s become the mantra of DevOps. Pour everything into quickly deploying minimally viable software to learn where it works or fails, and then iterate and remediate on the fly. Fail fast has replaced the methodical, linear approach to developing software, which sought to achieve a perfect product.

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

By Byron V. Acohido

Agile software innovation is the order of the day. Wondrous digital services are the result.

Related: Micro-segmentation taken to the personal device level

The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups – is getting scaled up, as well.

Enter micro-segmentation; or microsegmentation, depending on which cybersecurity vendor you’re talking to.

Micro-segmentation is a fresh approach to defending company networks that is actually a throwback to a 30-year-old security concept, called network segmentation. It’s a way to replace the clunky controls that were designed to cordon off certain zones of on-premises IT infrastructure with sleek, software-defined controls that are more fitting for the hybrid cloud networks that will take us forward.

Micro-segmentation got a lot of attention at RSA 2020. I had the chance to learn more about how it works, and why it holds so much promise, in a visit with Pavel Gurvich, co-founder and chief executive officer of Tel Aviv, Israel-based Guardicore, one of the leading players in this space. For a full drill down on our conversation, give the accompanying podcast a listen. Here are the key takeaways:

Micro-managing workloads

Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog. DevOps has taken center stage. Software innovation happens by combining “microservices” within “software containers” that circulate in virtual “storage buckets,” spun up in Amazon Web Services (AWS), Microsoft Azure and Google Cloud.

Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

By Byron V. Acohido

Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One.

Related: Why cybersecurity should reflect societal values

An emerging approach, called Network Traffic Analysis, is gaining traction as, in effect, a catch-all network security framework positioned at the highest layer of the networking stack. Heavyweights Cisco and FireEye are playing in this space. And so are a couple of dozen other vendors, many of them extending over from the network performance monitoring arena.

I had a lively discussion at RSA 2020 with one of these vendors, Accedian, a 15-year-old company based in Montreal, Canada. For a full drill down on my discussion with Michael Rezek, Accedian’s vice president of business development and cybersecurity strategy, give a listen to the accompanying podcast. Here are excerpts of my interview with Rezek, edited for clarity and length.

LW: How would you frame the security challenge companies are facing today?

Rezek: IT infrastructure today is more distributed than it has ever been, whether it’s Platform as a Service, Infrastructure as a Service, or cloud, multi-cloud, or hybrid cloud. This distribution of IT assets creates far more network dependencies than it ever has before.

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

By Byron V. Acohido

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day.

I’ve written about how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

Related: ‘Risk-based’ analysis used in SOAR

At RSA 2020, I learned about yet another emerging approach, with supporting technology, called Security Operations Platform (SOP). At a high level, the role of a SOP is to help squeeze more efficiency – and effectiveness – out of the dense stack of security systems already deployed in the Security Operations Centers (SOCs) of mid-sized and large enterprises.

Next-gen firewall pioneer Palo Alto Networks has staked out turf in the emerging SOP space. I had the chance to visit with a brand spanking new SOP player, QuoLab Technologies, which had its U.S. launch at RSA 2020. QuoLab actually has been refining its core technology for two and a half years as part of QuoScient, the Frankfurt, Germany-based cybersecurity vendor from which it was spun out. For a full drill down on my conversation with Dan Young, QuoLab’s co-founder and chief operating officer, please give the accompanying podcast a listen. Here are my key takeaways:

Team infrastructure

It’s often said that security is a team sport. Or at least it should be. SIEM – security information and event management – is an approach to ingesting event and log data from core IT systems, as well as from the wide array of security systems most enterprises have in place. SIEMs sift out any packets of data that look out of the ordinary.