
New Tech

 

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

By Byron V. Acohido

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility are the name of the game. And everyone’s all-in.

Related: A firewall for microservices

DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility.

If you’re thinking that speed and security are like oil and water, you’re right. At RSA 2020, I had an eye-opening discussion with Rohit Sethi, CEO of Security Compass, about this. Sethi walked me through some of the limitations of DevSecOps, as well as the approach Security Compass is taking to help shore it up. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways:

The speed imperative

Software has become the lifeblood of virtually all industries. As companies have come to realize how pivotal software is, an urgency has arisen to develop code as quickly as humanly possible.

Fail fast. That’s become the mantra of DevOps. Pour everything into quickly deploying minimally viable software to learn where it works or fails, and then iterate and remediate on the fly. Fail fast has replaced the methodical, linear approach to developing software, which sought to achieve a perfect product.

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

By Byron V. Acohido

Agile software innovation is the order of the day. Wondrous digital services are the result.

Related: Micro-segmentation taken to the personal device level

The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups – is getting scaled up, as well.

Enter micro-segmentation; or microsegmentation, depending on which cybersecurity vendor you’re talking to.

Micro-segmentation is a fresh approach to defending company networks that is actually a throwback to a 30-year-old security concept, called network segmentation. It’s a way to replace the clunky controls that were designed to cordon off certain zones of on-premises IT infrastructure with sleek, software-defined controls that are more fitting for the hybrid cloud networks that will take us forward.

Micro-segmentation got a lot of attention at RSA 2020. I had the chance to learn more about how it works, and why it holds so much promise, in a visit with Pavel Gurvich, co-founder and chief executive officer of Tel Aviv, Israel-based Guardicore, one of the leading players in this space. For a full drill down on our conversation, give the accompanying podcast a listen. Here are the key takeaways:

Micro-managing workloads

Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog. DevOps has taken center stage. Software innovation happens by combining “microservices” within “software containers” that circulate in virtual “storage buckets,” spun up in Amazon Web Services (AWS), Microsoft Azure and Google Cloud.

Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

By Byron V. Acohido

Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One.

Related: Why cybersecurity should reflect societal values

An emerging approach, called Network Traffic Analysis, is gaining traction as, in effect, a catch-all network security framework positioned at the highest layer of the networking stack. Heavyweights Cisco and FireEye are playing in this space. And so are a couple of dozen other vendors, many of them extending over from the network performance monitoring arena.

I had a lively discussion at RSA 2020 with one of these vendors, Accedian, a 15-year-old company based in Montreal, Canada. For a full drill down on my discussion with Michael Rezek, Accedian’s vice president of business development and cybersecurity strategy, give a listen to the accompanying podcast. Here are excerpts of my interview with Rezek, edited for clarity and length.

LW: How would you frame the security challenge companies are facing today?

Rezek: IT infrastructure today is more distributed than it has ever been, whether it’s Platform as a Service, Infrastructure as a Service, or cloud, multi-cloud, or hybrid cloud. This distribution of IT assets creates far more network dependencies than it ever has before.

NEW TECH: QuoLab advances ‘Security Operations Platform’ — SOP — technology

By Byron V. Acohido

Defending enterprise networks has become a convoluted challenge, one that is only getting more byzantine by the day.

I’ve written about how SIEMs ingest log and event data from all across hybrid networks, and about how UEBA and SOAR technologies have arisen in just the past few years to help companies try to make sense of it all, even as catastrophic breaches persist.

Related: ‘Risk-based’ analysis used in SOAR

At RSA 2020, I learned about yet another emerging approach, with supporting technology, called Security Operations Platform (SOP). At a high level, the role of a SOP is to help squeeze more efficiency – and effectiveness – out of the dense stack of security systems already deployed in the Security Operations Centers (SOCs) of mid-sized and large enterprises.

Next-gen firewall pioneer Palo Alto Networks has staked out turf in the emerging SOP space. I had the chance to visit with a brand spanking new SOP player, QuoLab Technologies, which had its U.S. launch at RSA 2020. QuoLab actually has been refining its core technology for two and a half years as part of QuoScient, the Frankfurt, Germany-based cybersecurity vendor from which it was spun out. For a full drill down on my conversation with Dan Young, QuoLab’s co-founder and chief operating officer, please give the accompanying podcast a listen. Here are my key takeaways:

Team infrastructure

It’s often said that security is a team sport. Or at least it should be. SIEM – security information and event management – is an approach to ingesting event and log data from core IT systems, as well as from the wide array of security systems most enterprises have in place. SIEMs sift out any packets of data that look out of the ordinary.

NEW TECH: WhiteHat Security tackles ‘dangling buckets,’ other new web app exposures

By Byron V. Acohido

WhiteHat Security got its start some 17 years ago in Silicon Valley to help companies defend their public-facing websites from SQL injection and cross-site scripting hacks.

Related: Mobile apps are full of vulnerabilities

Both hacking methods remain a problem today. Yet organizations have many more application security headaches to resolve these days. As companies integrate digital technology into every aspect of their daily business operation, WhiteHat has seen strong demand for its innovative cloud-based application security platform.

I caught up with Bryan Becker, WhiteHat Security product manager, at the RSA 2020 Conference in San Francisco recently. In a wide-ranging discussion, we examined how local governments have become prime targets of ransomware purveyors, and why APIs translate into a vast new attack surface. For a full drill down please give the accompanying podcast a listen. A few key takeaways:

Targeting local government

For decades, nation-state attacks have caused serious havoc across the world, primarily targeting critical infrastructure such as power grids and industrial control systems, as well as government agencies, often disrupting operations and leaking sensitive information. Russia’s multiple takedowns of Ukraine’s power grid and Chinese plundering of the U.S. Office of Personnel Management are two prime examples.

In the past several years, however, state governments and municipalities have come under withering ransomware attacks. What’s more, election tampering at the local level has become an established component of national elections.

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

By Byron V. Acohido

Encryption is a cornerstone of digital commerce. But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things.

Related: A ‘homomorphic-like’ encryption solution

We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it.

Math geniuses and data scientists have been trying to solve this problem for more than half a century. It has only been in the past 10 years or so that commercial versions of homomorphic encryption, which I’ve written about, have slowly gained traction. Another solution is something called Multi Party Computation, or MPC, which I was unfamiliar with when heading to RSA 2020 recently.

I had the chance to visit with Nigel Smart, co-founder of Unbound Tech, a company which uses MPC technology to solve the problem of private key protection and key management. The company, based in Petach Tikvah, Israel, addresses the problem via a “virtual Hardware Security Module” as opposed to the traditional method of using physical infrastructure. Smart told me about how MPC has attracted the attention of the cryptocurrency community, in particular the purveyors of cryptocurrency exchanges and the suppliers of digital wallets.

And he explained how advanced encryption technologies, like MPC and homomorphic encryption, are on the cusp of enabling much higher use of the mountains of data hoarded in cloud storage by companies and governments. For a full drill down on our discussion, give the accompanying podcast a listen. My big takeaways:

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

By Byron V. Acohido

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets.

It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance and strengthen security.

Related: A use case for endpoint encryption

At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy. Micro segmentation takes the fundamental principle of network segmentation and drives it down to smaller and smaller subnetworks.

One security vendor pushing micro segmentation just about as low as you can go – all the way to the individual device level – is a Nova Scotia-based startup called Byos. I had the chance to visit with Matias Katz, founder and CEO, and Ryan Bunker, business development director, at RSA 2020. For a full drill down on our conversation, give the accompanying podcast a listen. Here are key takeaways:

Micro gateways

A network gateway is like a submarine’s bulkhead passageways, which can be sealed off in emergencies. It’s where traffic passes from one subnetwork to the next. It’s also where you can put a hard stop on the movement of anything dangerous.