Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

New Tech

 

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

By Byron V. Acohido

The ubiquity of smart surveillance systems has contributed greatly to public safety.

Related: Monetizing data lakes

Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy.

Enter attribute-based encryption (ABE) an advanced type of cryptography that’s now ready for prime time. I’ve had several discussions with scientists who’ve led the development of ABE over the past two decades.

Most recently, I had the chance to visit with Takashi Goto, Vice President, Strategy, and Fang Wu, Consultant, at NTT Research. We discussed how ABE is ready to help resolve some rather sticky privacy issues stemming from widespread digital surveillance – and also do much more.

For a full drill down on this leading-edge form of agile cryptography, please view the accompanying videocast. Here are my takeaways.

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

By Byron V. Acohido

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry.

Related: The security role of semiconductors

Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

Flexxon recently introduced its X-PHY SSD drive which now comes embedded in certain laptop models from Lenovo, ASUS and HP. This innovation derives from security-hardened AI-powered memory and storage drives Flexxon supplies that go into medical equipment and industrial machinery.

I had the chance to get briefed about all of this by Flexxon’s founder and CEO Camellia Chan. For a full drill down

News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the checkout pages.

As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart. However, they struggle to add new security layers due to restrictions on modifying their website code to avoid impacting website performance during the peak shopping season.

Reflectiz, a unique web security tool, ensures 100% readiness for Magecart attacks before and during the Holiday Season. This is made possible by Reflectiz’s external, non-intrusive solution, requiring

RSAC Fireside Chat: Reinforcing ‘Identity and Access Management’ to expose ‘shadow access’

By Byron V. Acohido

The world of Identity and Access Management (IAM) is rapidly evolving.

Related: Stopping IAM threats

IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge.

At the RSAC Conference 2023, I sat down with Venkat Raghavan, founder and CEO of start-up Stack Identity. As Raghavan explained, the rapid growth of data and subsequent application development in the cloud has led to a sprawling array of identities and access points. This, he warned, has created a new problem: shadow access.

Shadow access refers to ungoverned and unauthorized access that arises due to

SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars

By Kolawole Samuel Adebayo

In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect.

Related: Privacy rules for vehicles

As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows.

The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.

What used to be a focus on physical safety has now shifted to cybersecurity due to the widened attack surface that connected cars present. The rapid advancements in electric vehicles (EVs) has only served to heighten these concerns.

Funso Richard, Information Security Officer at Ensemble, highlighted the gravity of these threats. He told Last Watchdog that apart from conventional attacks, such as data theft and vehicle theft, much more worrisome types of attacks are emerging. These include ransomware targeting backend servers, distributed denial of service (DDoS) attacks, destructive malware, and even weaponizing charging stations to deploy malware.

RSAC Fireside Chat: Keeping persistent email threats at bay requires deeper, cloud-layer vigilance

By Byron V. Acohido

Email remains by far the no.1 business communications tool. Meanwhile, weaponized email continues to pose a clear and present threat to all businesses.

Related: The need for timely training

At RSA Conference 2023, I learned all about a new category of email security — referred to as integrated cloud email security (ICES) – that is helping companies more effectively keep email threats in check.

I met with Eyal Benishti, CEO of IRONSCALES, a supplier of ICES tools and cybersecurity training services. For a full drill down on our conversation, please give the accompanying podcast a close listen.

Phishing is still the main way bad actors slip into networks; and Business Email Compromise (BEC) attacks can instantly translate into crippling losses.

Guest expert: Eyal Benishti, CEO, Ironscales

Successful attacks slip past legacy security email gateways (SEGs) and even past the newer ‘cloud-native security’ controls that Microsoft and Google have embedded Microsoft 365 and Google Workspace. These filters look for known bad attachments and links.

ICES solutions vet the messages that slip through. IRONSCALES, for instance, applies natural language processing technology to identify patterns and flush out anything suspicious.

And its complementary security awareness training modules encourage employees to participate in isolating anything suspicious that leaks into their inboxes.

“The security gateways and cloud-native security controls look at content but that’s not enough,” Benishti observes. “You also need to look at context; both perspectives are needed.”

It’s clear that layers of protection, along with better-trained employees, have become table stakes. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

RSAC Fireside Chat: Demystifying cloud-stored data via ‘data security posture management’

By Byron V. Acohido

In the age before the cloud, data security was straightforward.

Related: Taming complexity as a business strategy

Enterprises created or ingested data, stored it and secured it in a physical data center. Data security was placed in the hands of technicians wearing tennis shoes, who could lay their hands on physical servers.

Today, company networks rely heavily on hybrid cloud and multi-cloud IT resources, and many startups are cloud native. Business data has been scattered far and wide across cloud infrastructure and just knowing where to look for sensitive data in the cloud, much less enforcing security policies, has become next to impossible for many organizations.

If headline grabbing cyber-attacks weren’t enough, the Biden Administration has begun imposing long-established, but widely ignored data security best practices on any contractor that hopes to do business with Uncle Sam.

Guest expert: Yotam Segev, co-founder and CEO, Cyera

This is where a hot new security service comes into play – designated in 2022 by Gartner as “data security posture management,” or DSPM. With RSA Conference 2023 taking place at San Francisco’s Moscone Center next week, I had the chance to visit with Yotam Segev, co-founder and CEO San Mateo, Calif.-based security startup Cyera, that is making hay in this emerging DSPM space.

Segev and I discussed how, in the rush to the cloud, companies have lost control of data security, especially in hybrid environments. The core value of DSPM systems, he argues, is that they can help demystify data management, with benefits that ultimately should go beyond security and compliance and actually help ease cloud migration.

Please give a listen to the case Segev makes in the accompanying podcast. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the … more