Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

New Tech

 

NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates

By Byron V. Acohido

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets.

The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward.

Related: The rise of security platforms

This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and response (EDR,) and identity and access management (IAM) solutions in the vanguard.

And this trend is accelerating as 2023 gets underway. DigiCert’s launch today of Trust Lifecycle Manager, is a case in point. I had the chance to get briefed about this all-new platform, which provides a means for companies to comprehensively manage their Public Key Infrastructure (PKI) implementations along with the associated digital certificates.

I visited with Brian Trzupek, DigiCert’s senior vice president of product. As a leader of digital trust, DigiCert is best known as a Certificate Authority (CA) and a supplier of services to manage PKI. We drilled down on why getting a much better handle on PKI has become vital in a massively interconnected operating environment. DigiCert’s new solution is designed to “unify PKI services, public trust issuance and CA-agnostic certificate lifecycle management,” he told me.

Here are the main takeaways from our discussion:

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

By Byron V. Acohido

Ever feel like your smart home has dyslexia?

Siri and Alexa are terrific at gaining intelligence with each additional voice command. And yet what these virtual assistants are starkly missing is interoperability.

Related: Why standards are so vital

Matter 1.0 is about to change that. This new home automation connectivity standard rolls out this holiday season with sky high expectations. The technology industry hopes that Matter arises as the  lingua franca for the Internet of Things.

Matter certified smart home devices will respond reliably and securely to commands from Amazon AlexaGoogle Assistant,  Apple HomeKit or Samsung SmartThings. Think of it: consumers will be able to control any Matter appliance with any iOS or Android device.

That’s just to start. Backed by a who’s who list of tech giants, Matter is designed to take us far beyond the confines of our smart dwellings. It could be the key that securely interconnects IoT systems at a much deeper level, which, in turn, would pave the way to much higher tiers of digital innovation.

I had the chance to sit down, once more, with Mike Nelson, DigiCert’s vice president of IoT security, to discuss the wider significance of this milestone standard.

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

By Byron V. Acohido

Standards. Where would we be without them?

Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be.

Related: How matter addresses vulnerabilities of smart home devices

A breakthrough is about to happen with the roll out this fall of Matter, a new home automation connectivity standard backed by Amazon, Apple, Google, Comcast and others.

Matter is intended to be the lingua franca for the Internet of Things. It’s only a first step and there’s a long way to go. That said, Matter is an important stake in the ground. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany.

For a full drill down on our evocative discussion, please watch the accompanying videocast. Here are the main takeaways:

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

By Byron V. Acohido

Network security has been radically altered, two-plus years into the global pandemic.

Related: ‘Attack surface management’ rises to the fore

The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats.

Criminal hacking collectives are thriving, more  than ever. Security teams are on a mission to push network defenses to the perimeter edges of an open, highly interconnected digital landscape; the defenders are under assault and running hard to stay one step ahead.

Managed Security Services Providers have been steadily evolving for two decades; they now seem poised to help large enterprises and, especially, small to mid-sized businesses manage their cybersecurity.

The global market for managed security services is estimated to be growing at a compound

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

By Byron V. Acohido

Penetration testing – pen tests – traditionally have been something companies might do once or twice a year.

Related: Cyber espionage is on the rise

Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys — thereby affording the organization a chance to shore up its network defenses.

Pen testing has limitations, of course. The probes typically take considerable effort to coordinate and often can be more disruptive than planned.

These shortcomings have been exacerbated by digital transformation, which has vastly expanded the network attack surface.

Guest expert: Snehal Antani, CEO, Horizon3.ai

I had the chance at Black Hat 2022 to visit with Snehal Antani and Monti Knode, CEO and director of customer success, respectively, at Horizon3.ai, a San Francisco-based startup, which launched in 2020. Horizon3 supplies “autonomous” vulnerability assessment technology.

Co-founder Antani previously served as the first CTO for the U.S. Joint Special Operations Command (JSOC)  and Knode was a commander in the U.S. Air Force 67th Cyberspace Operations Group. They argue that U.S. businesses need to take a wartime approach the cybersecurity. For a full drill down, please give the accompanying podcast a listen.

Horizon3’s flagship service, NodeZero, is designed to continuously assess an organization’s network attack surface to identify specific scenarios by which an attacker might combine stolen credentials with misconfigurations or software flaws to gain a foothold.

Black Hat Fireside Chat: Doing deep-dive API security — as software gets developed and deployed

By Byron V. Acohido

APIs have come to embody the yin and yang of our digital lives.

Related: Biden moves to protect water facilities

Without application programming interface, all the cool digital services we take for granted would not be possible.

But it’s also true that the way software developers and companies have deployed APIs has contributed greatly to the exponential expansion of the cyber-attack surface. APIs have emerged as a go-to tool used by threat actors in all phases of sophisticated, multi-stage network attacks.

Upon gaining a toehold on a targeted device or server, attackers now quickly turn their attention to locating and manipulating available APIs to hook deeply into company systems. APIs provide paths to move laterally, to implant malware and to steal data.

Guest expert: Sudeep Padiyar, founding member, Traceable.ai

The encouraging news is that API security technology has advanced quite a bit over the past five years or so.

I had the chance at Black Hat 2022 to visit with Sudeep Padiyar, founding member and director of product management, at Traceable, a San Francisco-based supplier of advanced API security systems. Traceable launched in 2018, the brainchild of tech entrepreneurs Jyoti Bansal and Sanjay Nagaraj; it provides deep-dive API management capabilities — as software is being developed and while it is being used in the field.

We discussed the Gordian-knot challenge security teams face getting a grip on the avalanche of APIs hooking into their organizations. For a full drill down, please give the accompanying podcast a listen.

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

By Byron V. Acohido

Short-handed cybersecurity teams face a daunting challenge.

Related: ‘ASM’ is cybersecurity’s new centerpiece

In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives.

In short, attack surface management has become the main tent pole of cybersecurity. A rock-solid, comprehensive battle plan has been painstakingly laid out, in the form of the NIST Cybersecurity Framework. And now advanced weaponry is arriving that leverages data analytics to tighten up systems and smother attacks.

Guest expert: Justin Fier, VP Tactical Risk and Response, Darktrace

One supplier in the thick of this development is Cambridge, UK-based Darktrace, a supplier of security systems designed to help companies“think like an attacker,’ says Justin Fier, Darktrace vice-president of tactical risk and response, whom I had the chance to visit with at Black Hat 2022.

We discussed how legacy, on-premises cybersecurity systems generate massive amounts of telemetry – data which is perfectly suited for high-scale, automated data analytics. This is why it makes so much sense for artificial intelligence, generally, to be brought to bear in attack surface management.