
RSA Podcasts

 

SHARED INTEL: FireMon survey shows security lags behind fast pace of hybrid cloud deployments

By Byron V. Acohido

Corporate America’s love affair with cloud computing has hit a feverish pitch. Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level.

Related: Why some CEOs have quit tweeting

That’s the upshot of FireMon’s second annual State of Hybrid Cloud Security Report of 522 IT and security professionals, some 14 percent of whom occupy C-suite positions.

Nearly 60 percent of the respondents indicated the pace of their cloud deployments has surpassed their ability to secure them in a timely manner. Notably, that’s essentially the same response FireMon got when it posed this same question in its inaugural hybrid cloud survey some 14 months ago.

That’s not a good thing, given migration to cloud-based business systems, reliance on mobile devices and onboarding of IoT systems are all on an upward sweep. “It doesn’t seem like we’ve moved the needle on security at all,” says Tim Woods, vice president of technology alliances at FireMon, the leading provider of automated network security policy management systems.

I had the chance to visit with Woods at RSAC 2020 in San Francisco recently. For a full drill down on our discussion, please give a listen to the accompanying podcast. Here’s a summary of key takeaways:

Shared burden confusion

Hybrid cloud refers to the mixing and matching of on-premise IT systems, aka private clouds, with processing power, data storage, and collaboration tools leased from public cloud services, such as Amazon Web Services, Microsoft Azure and Google Cloud. Hybrid clouds are being leveraged to refresh legacy networks, boost productivity and innovate new software services at breakneck speed, to keep pace with rivals.

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

By Byron V. Acohido

Encryption is a cornerstone of digital commerce. But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things.

Related: A ‘homomorphic-like’ encryption solution

We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it.

Math geniuses and data scientists have been trying to solve this problem for more than half a century. It has only been in the past 10 years or so that commercial versions of homomorphic encryption, which I’ve written about, have slowly gained traction. Another solution is something called Multi Party Computation, or MPC, which I was unfamiliar with when heading to RSA 2020 recently.

I had the chance to visit with Nigel Smart, co-founder of Unbound Tech, a company which uses MPC technology to solve the problem of private key protection and key management. The company, based in Petach Tikvah, Israel, addresses the problem via a “virtual Hardware Security Module” as opposed to the traditional method of using physical infrastructure. Smart told me about how MPC has attracted the attention of the cryptocurrency community, in particular the purveyors of crypto currency exchanges and the suppliers of digital wallets.

And he explained how advanced encryption technologies, like MPC and homomorphic encryption, are on the cusp of enabling much higher use of the mountains of data hoarded in cloud storage by companies and governments. For a full drill down on our discussion, give the accompanying podcast a listen. My big takeaways:

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

By Byron V. Acohido

Many companies take an old-school approach to bringing up the rear guard, if you will, when it comes to protecting IT assets.

It’s called network segmentation. The idea is to divide the network up into segments, called subnetworks, to both optimize performance as well as strengthen security.

Related: A use case for endpoint encryption

At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy. Micro segmentation takes the fundamental principle of network segmentation and drives it down to smaller and smaller subnetworks.

One security vendor pushing micro segmentation just about as low as you can go — all the way to the individual device level — is a Nova Scotia-based startup called Byos. I had the chance to visit with Matias Katz, founder and CEO, and Ryan Bunker, business development director, at RSA 2020. For a full drill down on our conversation, give the accompanying podcast a listen. Here are key takeaways:

Micro gateways

A network gateway is like a submarine’s bulkhead passageways, which can be sealed off in emergencies. It’s where traffic passes from one subnetwork to the next. It’s also where you can put a hard stop on the movement of anything dangerous.

SHARED INTEL: Bogus Coronavirus email alerts underscore risk posed by weaponized email

By Byron V. Acohido

It comes as no surprise that top cyber crime rings immediately pounced on the Coronavirus outbreak to spread a potent strain of malware via malicious email and web links.

Related: Credential stuffing fuels cyber fraud

IBM X-Force researchers shared details about how emails aimed at Japanese-speaking individuals have been widely dispersed purporting to share advice on infection-prevention measures for the disease. One of the waves of weaponized emails actually is designed to spread a digital virus: the notorious Emotet banking Trojan designed to steal sensitive information.

One cybersecurity company, Tel Aviv-based Votiro, is taking a different approach to strengthen protection against such weaponized documents, using technology that disarms files before they are delivered to the recipient’s inbox. I had the chance to visit with Votiro CEO and founder Aviv Grafi at RSA 2020. For a full drill down give a listen to the accompanying podcast. Here are a few key takeaways:

Filtering falls short

As a former penetration tester who specialized in testing employees’ aptitude for resisting email lures, Grafi saw time and again how – and why – attackers leverage timely events, such as celebrity deaths, holidays or tax deadlines, to lure email recipients to click on corrupted Word docs or PDF attachments.

Votiro introduced their ‘Disarmer’ technology, called CDR, for “content, disarm and reconstruction” to the U.S. market in 2019. CDR takes a prevention, instead of detection, approach to disarming weaponized email and deterring document-delivered malware.

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

By Byron V. Acohido

The cybersecurity needs of small- and mid-sized businesses (SMBs) differ from those of large enterprises, but few solutions cater to them. A 2018 Cisco Cybersecurity Special Report found that 54 percent of all cyber attacks cost the target company more than $0.5 million — damages that would crush most SMBs. However, smaller companies rarely have the IT talent, tools, or budget to prevent such attacks.

Related: SMBs are ill-equipped to deal with cyber threats

Without a cohesive cybersecurity framework, SMBs are falling further behind as digital transformation, or DX, ramps up. Embracing digital transformation becomes even more of a challenge without a dedicated platform to address vulnerabilities.

I spoke with Maurice Côté, VP Business Solutions, and Martin Lemay, CISO, of Devolutions, at the RSA 2020 Conference in San Francisco recently. Devolutions is a Montreal, Canada-based company that provides remote connection in addition to password and privileged access management (PAM) solutions to SMBs. You can get a full drill down on our discussion in the accompanying podcast. Here are some of the key takeaways:

PAM 101

PAM is crucial to all companies because it reduces opportunities for malicious users to penetrate networks and obtain privileged account access, while providing greater visibility of the environment. Current PAM solutions cater almost exclusively for large organizations.

Suppliers simply strip down their enterprise versions to sell to SMBs, with their solutions being prohibitively expensive for SMBs. Poorly implemented authentication can also lead to network breaches and compliance headaches.

NEW TECH: Juicing up SOAR — SIRP inserts risk-based analysis into network defense playbooks

By Byron V. Acohido

Security information and event management (SIEM) is evolving and integrating with security orchestration, automation, and response (SOAR) to add real value in the cybersecurity space.

Related: How SOAR Is Helping to Address the Cybersecurity Skills Gap

SIEM is useful for detecting potential security incidents and triggering alerts, but the addition of a SOAR solution brings these alerts to another level by triaging the data and adopting remediation measures where required.

A new addition to the SOAR space is SIRP, a platform established in 2019 in the UK that combines security operations management with cybersecurity intelligence. I caught up with Faiz Shuja, SIRP cofounder, at the RSA 2020 Conference in San Francisco recently. You can get a full drill down on our discussion in the accompanying podcast. Here are a few key takeaways:

Quickening investigations

Enterprises are drowning in an ocean of threat feeds; SOAR offers a lifeline.

An endless stream of technologies that deliver data, combined with a shortage of skilled security analysts, has pushed the market toward SOAR, which automates repetitive security analysis tasks and frees analysts to work on more important tasks.

BEST PRACTICES: The case for ‘adaptive MFA’ in our perimeter-less digital environment

By Byron V. Acohido

One of the catch phrases I overheard at RSA 2019 that jumped out at me was this: “The internet is the new corporate network.”

Related: ‘Machine identities’ now readily available in the Dark Net

Think about how far we’ve come since 1999, when the Y2K scare alarmed many, until today, with hybrid cloud networks the norm. There’s no question the benefits of accelerating digital transformation are astounding.

Yet the flip side is that legacy security approaches never envisioned perimeter-less computing. The result, not surprisingly, has been a demonstrable lag in transitioning to security systems that strike the right balance between protection and productivity.

Take authentication, for example. Threat actors are taking great advantage of the lag in upgrading authentication. The good news is that innovation to close the gap is taking place. Tel Aviv-based security vendor Silverfort is playing in this space, and has found good success pioneering a new approach for securing authentication in the perimeter-less world.

Founded in 2016 by cryptography experts from the Israeli Intelligence Corps’ elite 8200 cyber unit, Silverfort is backed by leading investors in cybersecurity technologies.

I had the chance to catch up with Dana Tamir, Silverfort’s vice president of market strategy, at RSA 2019. For a full drill down of the interview, please listen to the accompanying podcast. Here are the key takeaways:

Eroding effectiveness

Compromised credentials continue to be the cause of many of today’s data breaches. The use of multi-factor authentication, or MFA, can help protect credentials, but even those solutions have lost much of their effectiveness. The problem is that most MFA solutions are designed for specific systems, rather than today’s more dynamic environments. Traditional MFA may have hit its limitations due to dissolving perimeters.

In the past, Tamir explained, you had a solid perimeter around your network, with one entry point and you added the MFA to that single entry for the extra layer of protection. But …