Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Podcasts

 

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

By Byron V. Acohido

Doing authentication well is vital for any company in the throes of digital transformation.

Digital commerce would fly apart if businesses could not reliably affirm the identities of all humans and all machines, that is, computing instances, that are constantly connecting to each other across the Internet.

Related: Locking down ‘machine identities’

At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. On the one hand, they’re encountering crippling friction when attempting to migrate legacy, on-premises systems to the cloud. And on the other hand, there’s no authentication to speak of  – when there needs to be some — when it comes to machine-to-machine connections happening on the fly to make digital processes possible.

I had an enlightening discussion about this with Dana Tamir, vice president of market strategy for Silverfort, a Tel Aviv-based supplier of agentless multi-factor authentication technology. We spoke at RSA 2020. For a full drill down of the interview, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length:

LW: Can you frame the authentication challenge companies face today?

Tamir: One of the biggest changes taking place is that there are many more remote users, many more employees bringing their own devices, and many more cloud resources are being used. This has basically dissolved the network perimeter. You can’t assume trust within the perimeter  because the perimeter doesn’t exist anymore.

And yet we know that threats exist everywhere, within our own environments, and out in the cloud. So that changes the way security needs to be applied, and how we authenticate our users. We now need to authenticate users everywhere, not only when they enter the network.

LW: What obstacles are companies running into with cloud migration?

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

By Byron V. Acohido

Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today.

Related: Why U.S. cybersecurity policy needs to match societal values

CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment. They must rally the troops to proactively engage, day-to-day, in the intricate and absolutely vital mission of preserving the security of IT assets, without stifling innovation. And they must succeed on executive row, with middle management and amongst the troops in the operational trenches.

That’s a very tall order, made all the more challenging by a global health crisis that has slowed the global economy to a crawl, with no end yet in sight. One new challenge CISOs’ suddenly face is how to lock down web conferencing tools, like Zoom, Skype and Webex, without gutting their usefulness.

Cyber criminals have discovered Zoom logons, in particular, to be useful for carrying out credential stuffing campaigns to probe for deeper access inside of breached networks. Thanks to the sudden rise in use of Zoom and other video conferencing systems by an expanding work-from-home workforce, their logons are begin targeted by threat actors; underground forums today are bristling with databases holding hundreds of thousands of recycled Zoom logon credentials.

I had the chance to discuss this state of affairs with Vishal Salvi, CISO of Infosys. In its 2020 fiscal year, ending March 31, Infosys reported revenue of $12.8 billion, with $7.8 billion coming from North America, $3.1 billion from Europe, $333 million from India and $1.5 billion internationally

BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps

By Byron V. Acohido

DevOps wrought Uber and Netflix. In the very near future DevOps will help make driverless vehicles commonplace.

Related: What’s driving  ‘memory attacks’

Yet a funny thing has happened as DevOps – the philosophy of designing, prototyping, testing and delivering new software as fast as possible – has taken center stage. Software vulnerabilities have gone through the roof.

Over a five year period the number technical software vulnerabilities reported to the National Institute of Standards and Technology’s National Vulnerability Database  (NVD) more than tripled – from 5,191 in  2013 to a record 16,556 in 2018.

Total vulnerabilities reported in the NVD dropped a bit in 2019, down to 12,174 total flaws. Some credit for that decline surely goes to the DevSecOps movement that has come into its own in the past two to three years.

DevSecOps proponents are pushing for security-by-design practices to get woven into the highly agile DevOps engineering culture. Still, 12,000-plus fresh software vulnerabilities is a lot, folks. And that’s not counting the latent vulnerabilities getting overlooked in this fast-paced environment – flaws sure to be discovered and exploited down the line by opportunistic threat actors.

San Jose-based application security vendor, Virsec, is seeking to tilt the balance a bit more to the side of good.

NEW TECH: CASBs continue evolving to help CISOs address multiplying ‘cloud-mobile’ risks

By Byron V. Acohido

It can be argued that we live in a cloud-mobile business environment.

Related: The ‘shared responsibility’ burden

Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure.

Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones. And the first tools many of them grab for daily is a cloud-hosted productivity suite: Office 365 or G Suite.

The cloud-mobile environment is here to stay, and it will only get more deeply engrained going forward. This sets up an unprecedented security challenge that companies of all sizes, and in all sectors, must deal with. Cloud Access Security Brokers (CASBs), referred to as “caz-bees,” are well-positioned to help companies navigate this shifting landscape.

I had the chance to discuss this with Salah Nassar, vice president of marketing at CipherCloud, a leading San Jose, CA-based CASB vendor. We met at RSA 2020 and had a lively discussion about how today’s cloud-mobile environment enables network users to bypass traditional security controls creating gaping exposures, at this point, going largely unaddressed.

NEW TECH: Why it makes more sense for ‘PAM’ tools to manage ‘Activities,’ instead of ‘Access’

By Byron V. Acohido

Privileged Access Management (PAM) arose some 15 years ago as an approach to restricting  access to sensitive systems inside of a corporate network.

Related: Active Directory holds ‘keys to the kingdom’

The basic idea was to make sure only the folks assigned “privileged access’’ status could successfully log on to sensitive servers. PAM governs a hierarchy of privileged accounts all tied together in a Windows Active Directory (AD) environment.

It didn’t take cyber criminals too long to figure out how to subvert PAM and AD – mainly by stealing or spoofing credentials to log on to privileged accounts. All it takes is one phished or hacked username and password to get a toehold on AD. From there, an intruder can quickly locate and take control of other privileged accounts. This puts them in position to systematically embed malware deep inside of compromised networks.

Shoring up legacy deployments of PAM and AD installations has become a cottage industry unto itself, and great strides have been made. Even so, hacking groups continue to manipulate PAM and AD to plunder company networks. And efforts to securely manage privileged access accounts isn’t going to get any easier, going forward, as companies increase their reliance on hybrid IT infrastructures.

I had the chance to discuss this with Gerrit Lansing, Field CTO at Stealthbits Technologies, a Hawthorne, NJ-based supplier of software to protect sensitive company data. We spoke at RSA 2020. For a full drill down of our discussion, give the accompanying podcast a listen. Here are the key takeaways.

Enticing target

For 90 percent of organizations, Windows Active Directory is the hub for all identities, both human and machine. AD keeps track of all identities and enables all human-to-machine and machine-to-machine communications that take place on the network. PAM grants privileges to carry out certain activities on higher level systems.

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

By Byron V. Acohido

Ransomware continues to endure as a highly lucrative criminal enterprise.

Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement.

To get a foot in the door, ransomware purveyors direct weaponized email at a targeted employee. Once inside a network, they move laterally to locate and encrypt mission-critical systems; a ransom demand for a decryption key follows. In many cases, the lateral movement phase is being facilitated by the hijacking of an ubiquitous network administrator’s tool: Windows Active Directory, or AD.

I had a chance, once again, to discuss the yin vs. yang relating to Active Directory’s pivotal placement in the heart of corporate networks with Mickey Bresman,  co-founder and CEO of Semperis, an identity-driven cyber resilience company based in the new World Trade Center in Lower Manhattan. We met at RSA 2020. For a drill down on our discussion, give the accompanying podcast a listen. Here are key excerpts.

Ransomware uptick

AD enables IT staffers to manage access to servers and applications across the breadth of any Windows-based network; it’s used in 90 percent of U.S. organizations, which translates into tens of thousands of companies and agencies. In the spring of 2017, the WannaCry and NotPetya ransomware worms blasted around the globe, freezing up the Active Directory systems of thousands of companies.

SHARED INTEL: Study shows mismanagement of ‘machine identities’ triggers $52 billion in losses

By Byron V. Acohido

In one sense, digital transformation is all about machines.

Related: Authenticating IoT devices

Physical machines, like driverless vehicles and smart buildings; but, even more so, virtual machines. I’m referring to the snippets of “microservice” coding placed inside of modular software “containers” that get mixed and matched in “storage buckets,” and then processed in  “serverless computers” residing in the Internet cloud.

These virtual machines – which happen to be mushrooming in number — underly the physical machines. This all adds up to high-speed, agile innovation. But the flip side is that fresh software vulnerabilities are getting spun up, as well. Machines control the flow of all types of sensitive data. As a result, the way in which they connect and authorize communication makes them a primary security risk for organizations. And, cyber criminals, no surprise, are taking full advantage.

Now comes a study from Boston-based consultancy Air Worldwide that puts some hard numbers on the degree to which threat actors are plundering virtual machines. The report, titled The Economic Impact of Machine Identity Breaches, was commissioned by Salt Lake City, UT-based security vendor Venafi.

According to the study, poor management of machine identities leads directly to an estimated $52 billion to $72 billion in losses annually. What’s more, large enterprises, i.e. those with $2 billion or more in annual revenue, are getting hit twice as hard as smaller organizations, when it comes to cyber attacks that exploit anemic protections for machine identities.

I had a chance to visit once again with Jeff Hudson, Venafi’s outspoken CEO at RSA 2020. We had a lively discussion about the backdrop of the study, and its going-forward implications. For a full drill down, please give the accompanying podcast a listen. Here are excerpts, edited for clarity and length: