Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Podcasts

 

FIRESIDE CHAT: ‘Attack surface management’ has become the centerpiece of cybersecurity

By Byron V. Acohido

Post Covid 19, attack surface management has become the focal point of defending company networks.

Related: The importance of ‘SaaS posture management’

As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service (PaaS,) as well as business tools of every stripe, i.e. Software as a Service (SaaS.)

I had the chance to visit with Jess Burn, a Forrester senior analyst, about the cybersecurity ramifications.

Guest expert: Jess Burn, Senior Analyst, Forrester Research

We discussed how the challenge has become defending the cloud-edge perimeter. This entails embracing new security frameworks, like Zero Trust Network Access, as well as adopting new security tools and strategies.

This boils down to getting a comprehensive handle on all of the possible connections to sensitive cyber assets, proactively managing software vulnerabilities and detecting and responding to live attacks.

A new category of attack surface management tools and services is gaining traction and fast becoming a must-have capability. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

FIRESIDE CHAT: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

By Byron V. Acohido

Virtual Private Networks – VPNs – remain widely used in enterprise settings. Don’t expect them to disappear anytime soon.

Related: Taking a risk assessment approach to vulnerability management.

This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to  zero trust security principles.

I had the chance to visit with David Holmes, network security analyst at Forrester, to learn more about how this dichotomy is playing out as companies accelerate their transition to cloud-centric networking.

Guest expert: David Holmes, Analyst for Zero Trust, Security and Risk, Forrester Research

 

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it.

Zero trust — and more specifically zero trust network access, or ZTNA — never trusts and always verifies. A user gets continually vetted, with only the necessary level of access granted, per device and per software application; and behaviors get continually analyzed to sniff out suspicious patterns.

Remote access is granted based on granular policies that take the least-privilege approach. For many reasons, and for most operating scenarios, ZTNA solutions makes more sense, going forward, than legacy VPN systems, Holmes told me. But that doesn’t mean VPN obsolescence is inevitable. To learn more, please give the accompanying Last Watchdog Fireside Chat podcast a listen.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

FIRESIDE CHAT: New ‘SASE’ weapon chokes off ransomware before attack spreads laterally

By Byron V. Acohido

It’s stunning that the ransomware plague persists.

Related: ‘SASE’ blends connectivity and security

Verizon’s Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past  years combined; Sophos’ State of Ransomware survey shows victims routinely paying $1 million ransoms.

In response, Cato Networks today introduced network-based ransomware protection for the Cato SASE Cloud. This is an example of an advanced security capability meeting an urgent need – and it’s also more evidence that enterprises must inevitably transition to a new network security paradigm.

Guest expert: Etay Maor, Senior Director of Security Strategy, Cato Networks

I had the chance to visit with Etay Maor of Cato Networks. We discussed how Secure Access Services Edge – SASE – embodies this new paradigm. In essence, SASE moves the security stack from the on-premises perimeter far out to the edge, just before the cloud.

This gives security teams comprehensive visibility of all network activity, in real time, which makes many high-level security capabilities possible. For a full drill down on my conversation with Etay Maor, please give the accompanying podcast a listen.

Network security developments are progressing. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

RSAC insights: How IABs — initial access brokers — help sustain, accelerate the ransomware plague

By Byron V. Acohido

Specialization continues to advance apace in the cybercriminal ecosystem.

Related: How cybercriminals leverage digital transformation

Initial access brokers, or IABs, are the latest specialists on the scene. IABs flashed to prominence on the heels of gaping vulnerabilities getting discovered and widely exploited in Windows servers deployed globally in enterprise networks.

I had the chance at RSA Conference 2022 to visit with John Shier, senior security advisor at Sophos, a security software and hardware company. We discussed how the ProxyLogon/Proxy Shell vulnerabilities that companies have been scrambling to patch for the past couple of years gave rise to threat actors who focus on a singular mission: locating and compromising cyber assets with known vulnerabilities.

For a drill down on IABs, please give the accompanying podcast a listen. Here are the key takeaways:

Sequential specialists

IABs today jump into action anytime a newly discovered bug gets publicized, especially operating system coding flaws that can be remotely exploited. IABs gain unauthorized network access and then they often will conduct exploratory movements to get a sense of what the compromised asset is, Shier told me.

This is all part triangulating how much value the breached asset might have in the Darknet marketplace. “IABs specialize in one specific area of the cybercrime ecosystem where the victims are accumulated and then sold off to the highest bidder,” he says.

To assure persistent access to, say, a compromised web server, an IAB will implant a web shell – coding that functions as a back door through which additional malicious

RSAC insights: ‘CAASM’ tools and practices get into the nitty gritty of closing network security gaps

By Byron V. Acohido

Reducing the attack surface of a company’s network should, by now, be a top priority for all organizations.

Related: Why security teams ought to embrace complexity

As RSA Conference 2022 convenes this week (June 6 -9) in San Francisco, advanced systems to help companies comprehensively inventory their cyber assets for enhanced visibility to improve asset and cloud configurations and close security gaps will be in the spotlight.

As always, the devil is in the details. Connecting the dots and getting everyone on the same page remain daunting challenges. I visited with Erkang Zheng, founder and CEO of JupiterOne, to discuss how an emerging discipline — referred to as “cyber asset attack surface management,” or CAASM – can help with this heavy lifting.

Based in Morrisville, NC, JupiterOne launched in 2020 and last week announced that it has achieved a $1 billion valuation, with a $70 million Series C funding round.

For a full drill down, please give the accompanying podcast a listen. Here are my takeaways:

RSAC insights: Security platforms arise to help companies discover, assess and mitigate cyber risks

By Byron V. Acohido

Pity the poor CISO at any enterprise you care to name.

Related: The rise of ‘XDR’

As their organizations migrate deeper into an intensively interconnected digital ecosystem, CISOs must deal with cyber attacks raining down on all fronts. Many are working with siloed security products from another era that serve as mere speed bumps. Meanwhile, security teams are stretched thin and on a fast track to burn out.

Help is on the way. At RSA Conference 2022, which takes place this week (June 6 – 9) in San Francisco, new security frameworks and advanced, cloud-centric security technologies will be in the spotlight. The overarching theme is to help CISOs gain a clear view of all cyber assets, be able to wisely triage exposures and then also become proficient at swiftly mitigating inevitable breaches.

Easier said than done, of course. I had the chance to discuss this with Lori Smith, director of product marketing at Trend Micro. With $1.7 billion in annual revenue and 7,000 employees, Trend Micro is a prominent leader in the unfolding shift towards a more holistic approach to enterprise security, one that’s a much better fit for the digital age. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways.

Beyond silos

It was only a few short years ago that BYOD and Shadow IT exposures were the hot topics at RSA. Employees using their personally-owned smartphones to upload cool new apps presented a nightmare for security teams.

Fast forward to today. Enterprises are driving towards a dramatically scaled-up and increasingly interconnected digital ecosystem. The attack surface of company networks has expanded exponentially, and fresh security gaps are popping up everywhere.

RSAC insights: Malware is now spreading via weaponized files circulating in data lakes, file shares

By Byron V. Acohido

The zero trust approach to enterprise security is well on its way to mainstream adoption. This is a very good thing.

Related: Covid 19 ruses used in email attacks

At RSA Conference 2022, which takes place this week (June 6 – 9) in San Francisco, advanced technologies to help companies implement zero trust principals will be in the spotlight. Lots of innovation has come down the pike with respect to imbuing zero trust into two pillars of security operations: connectivity and authentication.

However, there’s a third pillar of zero trust that hasn’t gotten quite as much attention: directly defending data itself, whether it be at the coding level or in business files circulating in a highly interconnected digital ecosystem. I had a chance to discuss the latter with Ravi Srinivasan, CEO of  Tel Aviv-based Votiro which launched in 2010 and has grown to  .

Votiro has established itself as a leading supplier of advanced technology to cleanse weaponized files. It started with cleansing attachments and weblinks sent via email and has expanded to sanitizing files flowing into data lakes and circulating in file shares. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways.