 

Steps forward

 

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

By Byron V. Acohido

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI.

Related: Can ‘CNAPP’ do it all?

Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023, which returned to its full pre-Covid grandeur here last week.

Maria Markstedter, founder of Azeria Labs, set the tone in her opening keynote address. Artificial intelligence has been in commercial use for many decades; Markstedter recounted why this potent iteration of AI is causing so much fuss, just now.

Generative AI makes use of a large language model (LLM) – an advanced algorithm that applies deep learning techniques to massive data sets. The popular service, ChatGPT, is based on OpenAI’s LLM, which taps into everything available across the Internet through 2021, plus anything a user cares

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

By Thierry Gagnon

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies.

Related: Satya Nadella calls for facial recognition regulations

Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. That all changed rather quickly.

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts.

They are simply not good enough. The sudden inadequacy of passwords has prompted broad changes to how companies must create, store, and manage them. The problem is these changes have made the user experience more convoluted and complicated.

STEPS FORWARD: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?

By Byron V. Acohido

A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape.

Related: Computing workloads return on-prem

CNAPP solutions assemble a varied mix of security tools and best practices and focus them on intensively monitoring and managing cloud-native software, from development to deployment.

Companies are finding that CNAPP solutions can materially improve the security postures of both cloud-native and on-premises IT resources by unifying security and compliance capabilities. However, to achieve this higher-level payoff, CISOs and CIOs must first bury the hatchet and truly collaborate – a bonus return.

In a ringing endorsement, Microsoft recently unveiled its CNAPP offering, Microsoft Defender for Cloud; this is sure to put CNAPP on a rising adoption curve with many of the software giant’s enterprise customers, globally. Meanwhile, Cisco on May 24 completed its acquisition of Lightspin, boosting its CNAPP capabilities, and Palo Alto Networks has continued to steadily sharpen its CNAPP chops, most recently with the acquisition of Cider Security.

At RSA Conference 2023, I counted at least 35 other vendors aligning their core services to CNAPP, in one way or another;

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

By Byron V. Acohido

To tap the full potential of massively interconnected, fully interoperable digital systems we must solve privacy and cybersecurity, to be sure.

Preserving privacy for a greater good

But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law.

After 30 years, we’ve reached the end of Moore’s Law, which states that the number of transistors on a silicon-based semiconductor chip doubles approximately every 18 months. In short, the mighty integrated circuit is maxed out.

Last spring, I attended NTT Research’s Upgrade 2023 conference in San Francisco and heard presentations by scientists and innovators working on what’s coming next.

I learned how a who’s who list of big tech companies, academic institutions and government agencies are hustling to, in essence,

FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

By Byron V. Acohido

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.

Related: Countering Putin’s weaponizing of ransomware

The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return — to validate the applicant — generates a fee for the phone company, which it shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of

News Alert: Budget pressures drive prioritizing of OT cybersecurity projects, says Radiflow

Tel Aviv, Israel, June 19, 2023 – Radiflow, creators of the leading OT network cybersecurity platform CIARA, continue to see budgetary pressure as a main driver in prioritizing OT Cybersecurity projects. This has created opportunities for more partnerships across the OT Cybersecurity sector, resulting in greater flexibility and coverage in the analysis of OT networks.

CISOs of OT operational facilities, such as production plants, utility operations, critical infrastructure, and logistics centers, are facing a hostile environment where outdated machines are susceptible to attack for financial gain or political statements. In response, Radiflow recently released CIARA 4.0, focusing on illuminating the vulnerabilities of all network devices and mapping of the recommended security controls using a breach attack simulation (BAS) engine.

Radiflow has partnered with industry leaders to feed greater data into its analytics platform and provide quick risk assessment insights to help CISOs optimize and justify OT security budgets despite the overall pressure for budget cuts. One such major integration is with Awen

News Alert: ThriveDX’s Cyber Academy for Enterprise meets talent shortage, promotes inclusion

Miami, Fla. – June 20, 2023 – ThriveDX, the leader in cybersecurity and digital skills training, today announced the official launch of its new Cyber Academy for Enterprise. This innovative solution, part of the company’s Human Factor Security suite, empowers organizations to reskill and upskill employees for cybersecurity positions while also attracting diverse external candidates, simultaneously addressing the growing talent and diversity gaps in the cyber industry.

Cyber Academy for Enterprise is more than a cybersecurity training program – it’s a complete solution that enables businesses and government agencies to cultivate their internal talents while simultaneously attracting diverse external candidates for cybersecurity positions.

Designed for an end-to-end cybersecurity learning journey, the program offers pre-training screening, intensive training, and post-training matching to facilitate an efficient talent acquisition and development process.

“The cybersecurity talent shortage and lack of diversity is one of the biggest challenges of human resources and cybersecurity leaders. Effective reskilling of employees demands considerable investment, and recruiting diverse talent requires a comprehensive understanding of