RSA Podcasts

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

By Byron V. Acohido

There’s no stopping the Internet of Things now.

Related: The promise, pitfalls of IoT

Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

The many privacy and security issues raised by IoT, however, are another story. The addressing of IoT privacy and security concerns lags far, far behind. Commendably, the global cybersecurity community continues to push companies to practice cyber hygiene. And industry groups and government regulators are stepping up efforts to incentivize IoT device makers to embed security at the device level.

Very clearly, something more is needed. That’s where a cottage industry of security companies in the Network Detection and Response (NDR) space comes into play. NDR vendors champion the notion that it’s a good idea for someone to be keeping an eagle eye on the rivers of packets that crisscross modern enterprise networks, especially packets flooding in from IoT systems. That can be done very efficiently today, and would markedly improve network security without waiting for better security practices or tougher industry standards to take hold, they argue.

I had a fascinating discussion about this with Sri Sundaralingam, vice president of cloud and security solutions at ExtraHop, a Seattle-based supplier of NDR technologies. We spoke at RSA 2020. For a full drill down on our conversation, give the accompanying podcast a listen. Here are the key takeaways:

IoT surge

According to Fortune Business Insights, the global IoT market will top $1.1 trillion by 2026, up from $190 billion in 2018. That’s a compounded annual growth rate of a whopping 24.7 percent.

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

By Byron V. Acohido

Application programming interface. API. It’s the glue holding digital transformation together.

Related: A primer on ‘credential stuffing’

APIs are the conduits for moving data to and fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the code that enables new applications to be created and deployed.

However, APIs also manifest as a wide open, steadily expanding attack vector. Many organizations caught up in the frenzy of digital transformation don’t fully appreciate the gaping exposures APIs have come to represent.

I had the chance to discuss this with Matt Keil, director of product marketing at Cequence Security, a Sunnyvale, Calif.-based application security vendor that’s in the thick of helping businesses mitigate web application exposures. We spoke at RSA 2020. For a full drill down, please give the accompanying podcast a listen. Here are key takeaways:

Romance scams

Like many modern companies, Zoosk, the popular San Francisco-based dating site, rests on infrastructure that’s predominantly cloud-based. Zoosk’s core service is delivered via a mobile app that has 20 different registration and/or login pages – all are API driven.

Thus, it was well worth it for a hacking group to study Zoosk’s IT stack to reconnoiter its weak points. Here’s how Keil breaks down what happened:

BEST PRACTICES: Mock attacks help local agencies, schools prepare for targeted cyber scams

By Byron V. Acohido

Cyber criminals who specialize in plundering local governments and school districts are in their heyday.

Related: How ransomware became a scourge

Ransomware attacks and email fraud have spiked to record levels across the U.S. in each of the past three years, and a disproportionate number of the hardest hit organizations were local public agencies.

Lucy Security, a security training company based in Zug, Switzerland that works with many smaller public entities, has been in the thick of this onslaught. The company’s software is used to run public servants and corporate employees through mock cyberattack training sessions. There’s an obvious reason smaller public entities have become a favorite target of cybercriminals: most are run on shoestring budgets and corners tend to get cut in IT security, along with everything else operationally.

I had a chance to discuss this with Lucy Security Inc. CEO Colin Bastable at RSA 2020. Another factor I never thought about, until meeting with Bastable, is that public servants typically possess a can-do work ethic. This can make them particularly susceptible to social engineering trickery, the trigger for online extortion and fraud campaigns, Bastable told me.

For a drill down on my full interview with Bastable, give the accompanying podcast a listen. Here are the key takeaways:

Simple, lucrative fraud

What happened in the state of Texas last January is a microcosm of the intensifying pressure all local agencies face from motivated hackers and scammers.

Fraudsters did enough online intelligence gathering on the Manor Independent School District, in Manor, Texas, to figure out which vendors were in line to receive large bank transfers as part of the school district spending the proceeds of a large school bond. They also studied the employees who handled the transactions.

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

By Byron V. Acohido

Deploying the latest, greatest detection technology to deter stealthy network intruders will take companies only so far.

Related: What we’ve learned from the massive breach of Capital One

At RSA 2020, I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier.

It turns out there are some housekeeping things companies can do while ingesting, leveraging and storing all of the data churning through their complex hybrid cloud networks. And by doing this housekeeping – i.e. by improving their data governance practices – companies can reap higher efficiencies, while also tightening data security.

This nascent trend derives from a cottage industry of tech vendors in the “content collaboration platform” (CCP) space, which evolved from the earlier “enterprise file sync and share” (EFSS) space. I had the chance to sit down with Kris Lahiri, CSO and co-founder of Egnyte, one of the original EFSS market leaders. For a drill down on our discussion about how data governance has come to intersect with cybersecurity, give a listen to the accompanying podcast. Here are key takeaways:

Storage efficiencies

With so much data coursing through business networks, companies would be wise to take into consideration the value vs. risk proposition of each piece of data, Lahiri says. The value of data connected to a live project is obvious. What many organizations fail to do is fully assess – and set policies for – data they hang on to after the fact.

One reason for this is that storage is dirt cheap. It has become common practice for companies to store a lot of data without really thinking too hard about it. In fact, there’s a strong case to be made for meticulously archiving all stored data, as well as getting into a routine of purging unneeded data on a regular basis.

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

By Byron V. Acohido

DevOps is now table stakes for any company hoping to stay competitive. Speed and agility are the name of the game. And everyone’s all-in.

Related: A firewall for microservices

DevSecOps arose to insert security checks and balances into DevOps, aiming to do so without unduly degrading speed and agility.

If you’re thinking that speed and security are like oil and water, you’re right. At RSA 2020, I had an eye-opening discussion with Rohit Sethi, CEO of Security Compass, about this. Sethi walked me through some of the limitations of DevSecOps, as well as the approach Security Compass is taking to help shore it up. For a full drill down on our discussion, please give the accompanying podcast a listen. Here are key takeaways:

The speed imperative

Software has become the lifeblood of virtually all industries. As companies have come to realize how pivotal software is, an urgency has arisen to develop code as quickly as humanly possible.

Fail fast. That’s become the mantra of DevOps. Pour everything into quickly deploying minimally viable software to learn where it works or fails, and then iterate and remediate on the fly. Fail fast has replaced the methodical, linear approach to developing software, which sought to achieve a perfect product.

NEW TECH: ‘Micro-segmentation’ security vendor Guardicore seeks to disrupt firewall market

By Byron V. Acohido

Agile software innovation is the order of the day. Wondrous digital services are the result.

Related: Micro-segmentation taken to the personal device level

The flip side, of course, is that an already wide-open attack surface – one that has been getting plundered for the past two decades by criminal hacking groups – is getting scaled up, as well.

Enter micro-segmentation, or microsegmentation, depending on which cybersecurity vendor you’re talking to.

Micro-segmentation is a fresh approach to defending company networks that is actually a throwback to a 30-year-old security concept, called network segmentation. It’s a way to replace the clunky controls that were designed to cordon off certain zones of on-premises IT infrastructure with sleek, software-defined controls that are more fitting for the hybrid cloud networks that will take us forward.

Micro-segmentation got a lot of attention at RSA 2020. I had the chance to learn more about how it works, and why it holds so much promise, in a visit with Pavel Gurvich, co-founder and chief executive officer of Tel Aviv, Israel-based Guardicore, one of the leading players in this space. For a full drill down on our conversation, give the accompanying podcast a listen. Here are the key takeaways:

Micro-managing workloads

Companies today are immersed in digital transformation; they’re migrating to cloud-based business systems, going all in on mobile services and embracing Internet of Things systems whole hog. DevOps has taken center stage. Software innovation happens by combining “microservices” within “software containers” that circulate in virtual “storage buckets,” spun up in Amazon Web Services (AWS), Microsoft Azure and Google Cloud.

Q&A: Accedian’s Michael Rezek on using ‘Network Traffic Analysis’ to defend hybrid networks

By Byron V. Acohido

Defending business networks isn’t getting any easier. Companies can have the latest, greatest perimeter defenses, intrusion detection systems and endpoint protections – and attackers will still get through. Just ask Equifax or Capital One.

Related: Why cybersecurity should reflect societal values

An emerging approach, called Network Traffic Analysis, is gaining traction as, in effect, a catch-all network security framework positioned at the highest layer of the networking stack. Heavyweights Cisco and FireEye are playing in this space. And so are a couple of dozen other vendors, many of them extending over from the network performance monitoring arena.

I had a lively discussion at RSA 2020 with one of these vendors, Accedian, a 15-year-old company based in Montreal, Canada. For a full drill down on my discussion with Michael Rezek, Accedian’s vice president of business development and cybersecurity strategy, give a listen to the accompanying podcast. Here are excerpts of my interview with Rezek, edited for clarity and length.

LW: How would you frame the security challenge companies are facing today?

Rezek: IT infrastructure today is more distributed than it has ever been, whether it’s Platform as a Service, Infrastructure as a Service, or cloud, multi-cloud, or hybrid cloud. This distribution of IT assets creates far more network dependencies than it ever has before.