Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

New Tech

 

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

By Byron V. Acohido

Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last.

Related: Digital Transformation gives SIEMs a second wind

After an initial failure to live up to their overhyped potential, SIEMs are perfectly placed to play a much bigger role today. Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technology).

I spoke with Trevor Daughney, vice president of product marketing at Exabeam, at the RSA 2020 Conference in San Francisco recently. Exabeam is a successful security vendor in the SIEM space. You can get a full drill down on our discussion in the accompanying podcast. Here are a few key takeaways:

Tuning SIEMs for IoT, OT

SIEMs are designed to gather event log data from Internet traffic, corporate hardware, and software assets, and then generate meaningful security intelligence from masses of potential security events. With CIOs and CISOs now facing increased responsibilities, SIEMs have huge untapped potential for supporting new use cases.

Digital transformation is leading to more intensive use of the cloud, faster development of software to support it, and the growth of the IoT. This means that huge amounts of customer information are now digitized and require protection.

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

By Byron V. Acohido

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space.

Related: How SOAR Is Helping to Address the Cybersecurity Skills Gap

SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

A new addition to the SOAR space is SIRP, a platform established in 2019 in the UK that combines security operations management with cybersecurity intelligence. I caught up with Faiz Shuja, SIRP cofounder, at the RSA 2020 Conference in San Francisco recently. You can get a full drill down on our discussion in the accompanying podcast. Here are a few key takeaways:

Quickening investigations

Enterprises are drowning in an ocean of threat feeds; SOAR offers a lifeline.

An endless stream of technologies that deliver data, combined with a shortage of skilled security analysts, has pushed the market toward SOAR, which automates repetitive security analysis tasks and frees analysts to work on more important tasks.

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers

By Byron V. Acohido

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

Related:Promise vs. pitfalls of IoT

For small- and mid-sized businesses, firewalls, antivirus suites and access management systems  represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incidence response and disaster recovery planning, as well

Meanwhile, large enterprises pour tens of billions of dollars annually into next-gen firewalls, EDR, DLP and IDS technologies, each system generating a fire-hose of threat feeds, with all of this threat intel flooding, hour-by-hour, into SIEMs, UEBAs and other analytics platforms.

And yet, after a couple of decades of piling up layer upon layer of defenses, catastrophic breaches persist — they’re occurring as often as ever, and causing more harm than ever. Threat actors simply seek out the endless fresh attack vectors arising as an unintended consequence of digital transformation. In short, layered defenses have turned out to be cheesecloth.

Acknowledging this, a few cybersecurity innovators are taking a different tack. Instead of offering up more layers of defense, they’ve slipped on the shoes of the attackers and taken an offensive approach to defending IT assets. One of the most single-minded of these security vendors is startup CyCognito.

The company was launched in Tel Aviv in 2017 by a couple of former Israeli military cyber ops attack specialists, Rob Gurzeev and Dima Potekhin. Gurzeev and Potekhin set out to mirror the perspective of threat actors — and then help companies tactically leverage this attackers’ view to shore up their porous networks.

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

By Byron V. Acohido

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage.

Related: Can Europe’s GDPR restore data privacy?

And yet today there is a resurgence in demand for encrypted flash drives. What’s happened is this: Digital transformation has raced forward promoting high-velocity software innovation, with only a nod to security. This trend has opened up vast new tiers of attack vectors – and threat actors are taking full advantage.

Security-conscious companies – the ones who are proactively responding, not just to threat actors having a field day, but also to the specter of paying steep fines for violating today’s stricter data privacy regulations – are paying much closer attention to sensitive data circulating out in the field, as well they should.

Highly secure portable drives make perfect sense in  numerous work scenarios; encrypted flash drives, specifically, are part of a global hardware encryption market on track to climb to $296.4 billion by 2020, up 55% as compared to 2015, according to Allied Market Research.

NEW TECH: Silverfort deploys ‘multi-factor authentication’ to lock down ‘machine identities’

By Byron V. Acohido

From the start, two-factor authentication, or 2FA, established itself as a simple, effective way to verify identities with more certainty.

Related: A primer on IoT security risks

The big hitch with 2FA, and what it evolved into – multi-factor authentication, or MFA – has always been balancing user convenience and security. That seminal tension still exists today even as the global cybersecurity community is moving to extend MFA as a key security component in much more complex digital systems spinning out of digital transformation.

One leading innovator in this space is Tel Aviv-based Silverfort. I’ve had a number of conversations with company co-founder and CEO Hed Kovetz over the past couple of years, and I had the chance to meet with him again at Black Hat 2019.

One thing I learned from Kovetz this time was that secure authentication seems destined to play a major role, going forward in verifying, not just human identities, but also machine identities. In terms of baking in security at a fundamental level of future systems, that’s very significant. For a drill down on why that’s so, give a listen to our full discussion in the accompanying podcast. Here are the key takeaways:

A machine’s world

Machines are taking over. A machine, in this context, is any piece of hardware or software that can accept and execute instructions. This includes the beefy servers humming along in vast data centers and providing the infrastructure for cloud services.

And it also include software: the modular “microservices” written by third-party developers; the software “containers” inside of which these microservices get mixed and matched; and the billions of APIs that enable two disparate machines to exchange data. In this realm, the identity of each and every machine must be verified, or chaos would rule.

Machine identities are verified by digital certificates that leverage the public key infrastructure (PKImore

NEW TECH: Can an ‘operational system of record’ alleviate rising knowledge worker frustrations?

By Byron V. Acohido

An undercurrent of discontent is spreading amongst knowledge workers in enterprises across the United States and Europe.

Related: Phishing-proof busy employees

White collar employees today have amazingly capable communications and collaboration tools at their beck and call. Yet the majority feel unsatisfied with narrow daily assignments and increasingly disconnected from the strategic goals of their parent organization.

That’s my big takeaway from a survey of 3,750 knowledge workers from mid-sized and large organizations across the US, the UK, Germany and the Netherlands. The State of Work: 2020 is the sixth annual poll of its kind sponsored by Workfront, a Lehi, Utah-based supplier of work management and project management systems.

These findings reflect knowledge workers growing increasingly frustrated that they can’t do more to advance strategically meaningful initiatives. It’s not that workers are cynical or apathetic; far from it. Some 89% of respondents said they believed their role matters, including 78% who said their job represented more than a paycheck.

Fully 91% of the workers surveyed said they were proud of the work they do and cared about the bigger picture. Yet an inordinate amount of time continues to get devoted to make-work activity or wasted scurrying down unproductive rabbit trails. Over the six years Workfront has conducted this poll, one stat has remained constant: knowledge workers on average spend just 40% of their work week on the job they were hired to do.

A similar earlier survey, conducted by tech industry research firm Forrester, found much the same thing. Some 71% of global knowledge workers polled by Forrester said their jobs required  deep concentration; yet 21% said they were unable to find or access the appropriate information they need to do their job – at least once a week.

SHARED INTEL: APIs hook up new web and mobile apps — and break attack vectors wide open

By Byron V. Acohido

If your daily screen time is split between a laptop browser and a smartphone, you may have noticed that a few browser web pages are beginning to match the slickness of their mobile apps.

Related: The case for a microservices firewall

Netflix and Airbnb are prime examples of companies moving to single-page applications, or SPAs, in order to make their browser webpages as responsive as their mobile apps.

The slickest SPAs leverage something called GraphQL, which is a leading edge way to build and query application programing interfaces, or APIs. If you ask the builders of these SPAs, they will tell you that the scale and simplicity of retrieving lots of data with GraphQL is superior to a standard RESTful API. And that brings us to cybersecurity.

APIs are being created in batches on a daily basis by the Fortune 500 and any company that is creating mobile and web applications. APIs are the conduits for moving data to-and-fro in our digitally transformed world. And each new API is a pathway to the valuable sets of data fueling each new application.

Trouble is that at this moment no one is keeping very good track of the explosion of APIs. Meanwhile, the rising use of SPA and GraphQL underscores how API growth is shifting into a higher gear. This means the attack surface available to cyber criminals looking to make money off of someone else’s data is, yet again, expanding.

I had a chance to discuss this with Doug Dooley, COO of Data Theorem, a Silicon Valley-based application security startup helping companies deal with these growing API exposures. For a full drill down, give a listen to the accompanying podcast. Here are a few key takeaways:

Cool new experiences

Amazon Web Services, Microsoft Azure, Google Cloud and Alibaba Cloud supply computer processing and data storage as a utility. DevOps has decentralized the creation and delivery … more