New Tech

 

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

By Byron V. Acohido

Digital transformation is all about high-velocity innovation. But velocity cuts two ways.

Related: Obsolescence creeps into perimeter defenses

Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

This has led us to the current environment in which security threats are multiplying even as network breaches grow costlier and more frequent.

However, a newly minted security sub-specialty — christened Network Traffic Analysis, or NTA, by Gartner — holds some fresh promise for getting to the root of the problem. I had the chance to sit down at RSA 2019 with ExtraHop Networks, a Seattle-based supplier of NTA systems.

ExtraHop’s CISO Jeff Costlow walked me through what’s different about the approach NTA vendors are taking to help companies detect and deter leading-edge threats. For a drill down, give a listen to the accompanying podcast. Key takeaways:

NTA’s distinctions

Software development today routinely occurs at high velocity in order to build the digital services we can’t live without. Modular microservices, software containers and orchestration tools get spun up, using open source components; all of this mixing and matching occurs in the internet cloud, keeping things moving right along.

The inevitable security gaps that get created as part of this highly dynamic process have been getting short shrift, in deference to shipping deadlines. It’s not as though legacy security vendors are asleep at the wheel; they’ve been applying machine learning and AI to the output of SIEMs, firewalls, intrusion detection and other traditional security products designed to filter and detect malicious traffic directed at, and coming through, the perimeter.

NEW TECH: CloudKnox takes aim at securing identity privileges for humans — and non-humans

By Byron V. Acohido

Companies are embracing hybrid cloud deployments like never before, mixing and matching on-premises IT systems with off-premises cloud services.

Related: Machine identities present wide open attack vector

To accomplish this, they must grant and manage access privileges to human identities: remote employees, third-party suppliers and far-flung customers.

Arguably even more vital is the granting of access privileges to thousands more non-human identities – the service accounts that connect modular coding components, like the microservices, software containers and APIs that make up the stretchable fabric of cloud services.

Without this provisioning of access privileges to human and non-human identities, hybrid cloud commerce would not be possible. And yet, somehow, hybrid deployments have gained wide adoption without fully accounting for an entire new tier of identity risks.

This exposure extends from companies losing track of identities and overprovisioning privileges. CloudKnox Security, a Sunnyvale, CA-based security vendor, launched last October specifically to help companies more effectively manage human and non-human identity privileges in the brave new world of hybrid networks.

I had a chance at RSA 2019 to visit with company founder and CEO Balaji Parimi. For a drill down, give a listen to our full interview via the accompanying podcast. A few key takeaways:

Multiplying privileges

Remember the old problem of Microsoft shipping Windows server software with weak administrator passwords as the default? Take that systemic security weakness, put it on steroids, and you get a sense of the exposure lurking in identities today.

For instance, on the human side of things, Parimi informed me that there are 7,800 distinct privileges, or unique actions, granted to administrators across Amazon Web Services, Microsoft Azure, Google Cloud and VMware vSphere.

And then there are orders of magnitude more non-human identities to worry about. “With DevOps, when you check-in your code, it automatically gets built and created into production. All of this is done with a service account, …