Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

New Tech

 

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

By Byron V. Acohido

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises.

Related: Equipping SOCs for the long haul

SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems. This dramatically reduces the manual labor required to do a first-level sifting of the data inundating modern business networks

However, SOAR has potential to do so much more, observes Cody Cornell, chief strategy officer and co-founder of Swimlane. SOAR, he argues, is in a position to arise as a tool that can help companies make the pivot to high-reliance on cloud-centric IT infrastructure. At the moment, a lot of organizations are in this boat.

“Covid 19 turned out to be the best digital transformation initiative ever,” Cornell says. “It forced us to do things that probably would’ve taken many more years for us to do, in terms of adopting to remote work and transitioning to cloud services.”

Swimlane, which launched in 2014 and is based in Denver, finds itself in the vanguard of cybersecurity vendors hustling to retool not just SOAR, but also security operations centers (SOCs,) security information and event management (SIEM) systems, and endpoint detection and response (EDR) tools. A core theme at RSA 2021 earlier this year – and at Black Hat USA 2021, taking place this week in Las Vegas – is that the combining of these and other security systems is inevitable and will end up resulting in something greater than the parts, i.e. not just more efficacious security, but optimized business networks overall.

NEW TECH: How the emailing of verified company logos actually stands to fortify cybersecurity

By Byron V. Acohido

Google’s addition to Gmail of something called Verified Mark Certificates (VMCs) is a very big deal in the arcane world of online marketing.

Related: Dangers of weaponized email

This happened rather quietly as Google announced the official launch of VMCs in a blog post on July 12. Henceforth companies will be able to insert their trademarked logos in Gmail’s avatar slot; many marketers can’t wait to distribute email carrying certified logos to billions of inboxes. They view logoed email as an inexpensive way to boost brand awareness and customer engagement on a global scale.

However, there is a fascinating back story about how Google’s introduction of VMCs – to meet advertising and marketing imperatives — could ultimately foster a profound advance in email security. Over the long term, VMCs, and the underlying Brand Indicators for Message Identification (BIMI) standards, could very well give rise to a bulwark against email spoofing and phishing.

I had a chance to sit down with Dean Coclin, senior director of business development at DigiCert, to get into the weeds of this quirky, potentially profound, security development. DigiCert is a Lehi, Utah-based Certificate Authority (CA) and supplier of Public Key Infrastructure services.

Coclin and I worked through how a huge email security breakthrough could serendipitously arrive as a collateral benefit of VMCs. Here are the main takeaways from our discussion:

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

By Byron V. Acohido

Most of us, by now, take electronic signatures for granted.

Related: Why PKI will endure as the Internet’s secure core

Popular services, like DocuSign and Adobe Sign, have established themselves as convenient, familiar tools to conduct daily commerce, exclusively online. Yet electronic signatures do have their security limitations. That’s why “wet” signatures, i.e. signing in the presence of a notary, remains a requirement for some transactions involving high dollars or very sensitive records.

Clearly, a more robust approach to verifying identities in the current and future digital landscape would be useful. After all, conducting business transactions strictly online was already on the rise before Covid 19, a trend that only accelerated due to the global pandemic.

And this is why DigiCert recently introduced DigiCert® Document Signing Manager (DSM) – an advanced hosted service designed to increase the level of assurance of the identities of persons signing documents digitally.

I had the chance to learn more about this new tool from Brian Trzupek, DigiCert’s senior vice president of product DigiCert is best known as a Certificate Authority (CA) and a supplier of services to manage Public Key Infrastructure. And PKI, of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built.

MY TAKE: How SASE has begun disrupting IT — by shifting cybersecurity to the ‘services edge’

By Byron V. Acohido

One of the hottest topics at RSA Conference 2021 taking place virtually this week is the Secure Access Services Edge (SASE) security framework.

Related: Cybersecurity experts react to Biden’s EO

SASE (pronounced sassy) essentially is a roadmap for infusing privacy and security deeply into the software coding that gives life to our smartphones, IoT devices and cloud infrastructure, i.e. at the “services edge,” where all the action is taking place.

Coined by Gartner in late 2018, SASE is gaining momentum as a generational disruptive force. It calls for organizations to start proactively managing the myriad new attack vectors they’ve opened up in the pursuit of digital agility — by embracing a bold new IT architecture that extends network security far beyond the traditional perimeter

However, disruption doesn’t happen without displacement. And at this early stage, things are a bit chaotic. As established and newer cybersecurity vendors scramble to catch the SASE wave, marketing messages have sometimes been less than clear.

From the customer’s point of view, some early-adopter enterprises have experienced buyer’s remorse trying out SASE services that don’t really make the grade, says Mike Spanbauer, security evangelist at Juniper Networks, a Sunnyvale, Calif.-based supplier of networking technology.

“What we’ve heard from out in the marketplace is that a number of SASE solutions that supposedly could deliver everything as promised, were found to be lacking in many capacities,” Spanbauer says.

RSAC insights: Introducing ‘CWPP’ and ‘CSPM,’ new frameworks to secure cloud infrastructure

By Byron V. Acohido

A greater good has come from Capital One’s public pillaging over losing credit application records for 100 million bank customers.

Related: How credential stuffing fuels account takeovers

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. Luckily, Thompson left an easy trail for the FBI to follow and affect her arrest in August 2019.

The lone wolf hacker’s lasting legacy may be that she gave the cybersecurity industry an impetus to double down on its efforts to help enterprises get a grip on cloud security.

A slew of new cloud-security frameworks have gained traction since the Capital One hack. I recently had the chance to sit down with Kevin Simzer, chief operating officer of Trend Micro, to discuss two of them: Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM.) For a full drill down on our conversation please give the accompanying podcast a listen. Here are the key takeaways:

Cloud migration risks

The summer of 2019 was a heady time for the financial services industry. Capital One’s valuation hit record highs at a time when its senior executives bragged on Wall Street about how the bank’s aggressive adoption of AWS-supplied infrastructure would boost both profits and security. In reality, the bank wasn’t paying close enough attention to its shared responsibility for keeping its cloud-stored assets secure.

RSAC insights: Security Compass leverages automation to weave security deeper into SecOps

By Byron V. Acohido

In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed.

Related: DHS instigates 60-day cybersecurity sprints

Software developers are king of the hill; they are the deeply-committed disciples pursuing wide open, highly dynamic creative processes set forth in the gospels of  DevOps and CI/CD.

In this heady environment, the idea of attempting to infuse a dollop of security into new software products — from inception — seems almost quaint. I recently sat down with Rohit Sethi, CEO of Security Compass, to discuss why this so-called “product security” gap inevitably must be narrowed, and why there are encouraging signs that should be what happens, going forward, albeit incrementally.

For a full drill down on our wide-ranging conversation, please give the accompanying podcast a listen. Here are key takeaways.

History of product security

It has become all too common today for an organization to commit to what Sethi calls a “fast-and-risky” approach to building new software products. In a race gain a competitive edge, companies do whatever it takes to deploy new software products as quickly as possible. As a nod to security, nominal static analysis and maybe a bit of penetration testing gets done just prior to meeting a tight deployment deadline.

This, in fact, was  the same general approach to developing and deploying new software that existed in early 2002 when Bill Gates slammed the brakes on all Windows development to focus on implementing Trustworthy Computing. Microsoft, at the time, was on the brink of getting swallowed up by potent self-spreading Windows worms like SirCam, Code Red, ILoveYou and Nimbda. So Gates directed billions of dollars towards the adoption of Security Development Lifecyle, or SDL, a systematic approach to infusing product security at the start of the Windows development process.

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

By Byron V. Acohido

Historically, consumers have had to rely on self-discipline to protect themselves online.

Related: Privacy war: Apple vs. Facebook.

I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual private networks, or VPNs, came along, providing a pretty nifty little tool that any individual could use to deflect invasive online tracking.

Consumer-grade VPNs have steadily gained a large following. And over the past two to three years, adoption has climbed steeply.

It only recently dawned on me that this rise in popularity of VPNs is probably directly related to the chaotic social unrest, not to mention the global health crisis, we’ve all endured over the past few years.

We’ve become accustomed to hunkering down. As part of this mindset, more consumers are subscribing to a personal VPN service which they use to shield themselves from disinformation sweeps and to protect themselves from Covid 19-related hacks and scams.