Steps forward

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

By Byron V. Acohido

Digital transformation is all about high-velocity innovation. But velocity cuts two ways.

Related: Obsolescence creeps into perimeter defenses

Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

This has led us to the current environment in which security threats are multiplying even as network breaches grow costlier and more frequent.

However, a newly-minted security sub-specialty — christened Network Traffic Analysis, or NTA, by Gartner — holds some fresh promise for getting to the root of the problem. I had the chance to sit down at RSA 2019 with ExtraHop Networks, a Seattle-based supplier of NTA systems.

ExtraHop’s CISO Jeff Costlow walked me through what’s different about the approach NTA vendors are taking to help companies detect and deter leading-edge threats. For a drill down, give a listen to the accompanying podcast. Key takeaways:

NTA’s distinctions

Software development today routinely occurs at high velocity in order to build the digital services we can’t live without. Modular microservices, software containers and orchestration tools get spun up, using open source components; all of this mixing and matching occurs in the internet cloud, keeping things moving right along.

The inevitable security gaps that get created as part of this highly dynamic process have been getting short shrift, in deference to shipping deadlines. It’s not as though legacy security vendors are asleep at the wheel; they’ve been applying machine learning and AI to the output of SIEMs, firewalls, intrusion detection and other traditional security products designed to filter and detect malicious traffic directed at, and coming through, the perimeter. …more

Cloud computing 101: basic types and business advantages of cloud-delivered services

By Mike James

If you are looking for a simpler method of managing issues such as storage, software, servers and databases, cloud computing could have the answers that your business needs. The cloud is becoming increasingly popular around the world, as organisations are starting to understand the organisational and cost benefits of using it.

Related: Using a ‘zero-trust’ managed security service

In this article we will take a look at the different types of cloud computing services available to see whether this might be something suitable for your business.

Four types

Before you can establish whether or not cloud computing is right for your business, it is necessary to understand the differences between the forms of cloud computing that are available to you. Known by the …more

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

By Byron V. Acohido

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds.

Related: How NSA cyber weapon could be used for a $200 billion ransomware caper

Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is treading tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Launched in 2013 by Nir Polak, a former top exec at web application firewall vendor Imperva, Exabeam in just half a decade has raised an eye-popping $115 million in venture capital, grown to almost 350 employees and reaped over 100 percent revenue growth in each of the last three years.

I had the chance to visit with Trevor Daughney, Exabeam’s vice president of product marketing at RSA 2019. He explained how Exabeam has taken some of the same data analytics techniques that banks have long used to staunch credit card fraud and applied them to filtering network data logs. For a full drill down on our conversation, please listen to the accompanying podcast. Here are a few takeaways:

Very Big Data

The earliest SIEMs cropped up around 2005 or so. Led by the likes of Splunk, LogRhythm, IBM and Exabeam, the global SIEM market is expected to grow to over $5 billion annually in 2022.

Related: Autonomous vehicles are driving IoT security innovation

Fundamentally, SIEMs collect event log data from internet traffic, as well as corporate hardware and software assets. The starting idea was for a security analyst to then sift meaningful security intelligence from a massive volume of potential security events and keep intruders out. Yet, SIEMs never quite lived up to their initial promise.

And now, Big Data is about to become Very Big Data. Consider that 90 percent of the data that exists in the world today was generated in just the past couple of years. That includes everything moving across the internet: email, texting, online searches, social media posts, entertainment streaming, global finance, scientific research and cyber warfare. And on the horizon loom a full blown Internet of Things (IoT) and 5G networks, which will drive data generation to new heights. …more

BEST PRACTICES: 6 physical security measures every company needs

By Mike James

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times.

Related: Shrinking to human attack vector

Gaining access to your property can provide criminals with the ability not only to steal physical items from your premises, but also to potentially infect computers with malware or access data through your IT infrastructure. Here are six physical security measures that you can put in place to help keep your company secure.

Access controls

Clearly your business needs to have some method of access control …more

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

By Byron V. Acohido

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago.

Related: Malvertising threat lurks in all browsers

People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal lives. But big organizations move methodically and in general struggle mightily when it comes to balancing productivity and security. This has set the BYOD dilemma cycling afresh with each advance of the technology, which is what it’s doing right now.

SyncDog, a Reston, VA-based startup, has jumped into the mobile security space to help companies get a firmer grip on their BYOD exposures. I had the chance to sit down with SyncDog’s founder and CEO, Jonas Gyllensvaan, along with its Chief Revenue Officer, Brian Egenrieder, at RSA 2019.

They dissected the historical context, and conveyed some fresh insights about the societal drivers that make BYOD such a mercurial operational challenge. A full drill down is worth a listen, and is accessible via the accompanying podcast. Here are a few key takeaways:

Alphabet soup

When the initial wave of employee-owned iPhones, Androids and Blackberries began turning up in workplace settings, companies reacted by turning to MDM (mobile device management) service providers to handle the inventorying and provisioning of these new endpoints. MDM enabled administrators to oversee smartphones much like desktop PCs.

Soon, the MDMs added password protection and remote wiping capabilities to enable security staff to remotely “brick” a company device gone missing: destroy all apps and files, including any personal data. That was fine – until employees revolted. …more

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

By Byron V. Acohido

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side.

Related: The case for ‘zero-trust’ authentication

Employees are given credentials that allow them authorized access to corporate networks and databases. IT leadership has to trust that those credentials are used properly.

That need for trust also makes credentials one of the most difficult areas to secure. When someone is using the right user name and password combination to gain access, it is very difficult to tell if the user is legitimate or a bad guy. It is why credential theft has become a lucrative attack vector for cybercriminals, with credential stuffing attacks compromising billions of accounts last year.

Credential theft has led to a rise in attacks on a tool that’s pervasively used in companies running Microsoft Windows-based networks. That tool is Active Directory. And because Active Directory is an almost universally-used tool in enterprise settings, it has, quite naturally, emerged as a favorite target of threat actors.

I had the chance to sit down with Rod Simmons, vice president of product strategy at STEALTHbits Technologies, a Hawthorne, NJ-based supplier of systems to protect sensitive company data, to discuss this at RSA 2019. For a full drill down, listen to the accompanying podcast. Key takeaways: …more

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

By Byron V. Acohido

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management.

The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

Out of that morass was born CyberGRX, a Denver, CO-based start-up that’s seeking to dramatically streamline third-party risk assessments, and actually turn them into a tool that can help mitigate cyber exposures.

I had the chance to visit with CyberGRX CEO Fred Kneip at RSA 2019 at San Francisco’s Moscone Center last week. He shared a telling anecdote about how CyberGRX got its start — essentially from backlash to the milestone Target breach.

Kneip also painted the wider context about why effective third-party cyber risk management is an essential ingredient to baking-in security at a foundational level. For a full drill down, please listen to the accompanying podcast. The key takeaways:

Rise of third parties

In 2016, Jay Leek – then CISO at the Blackstone investment firm, and now a CyberGRX board member — was collaborating with CSOs at several firms Blackstone had invested in when a common theme came up. The CSOs couldn’t scale their third-party risk assessment programs to keep up with growth. The problem had become untenable.

The Target firings lit a fire under senior management to make third-party security audits standard practice. But they did so without taking into account the hockey-stick rise in reliance on third-party suppliers. No one thought deeply enough about how they were distributing privileged access to innumerable third-party vendors.

Facilities repairmen, like the HVAC vendor, were a small part of this trend. The corporate sector’s pursuit of digital transformation had given rise to new cottage industries of third-party contractors for everything from payroll services, accounting systems and HR functions to productivity suites, customer relationship services and analytics tools.

“Think about the CEO who’s overstretched and one step removed . . . the problem of how third-parties might be exposing company data became, not so much neglected, as de-prioritized, even as companies became more and more dependent on these third party providers,” Kneip told me. …more