Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Top Stories

 

RSAC Fireside Chat: The many flavors of ‘SASE’ now includes Aryaka’s ‘Unified SASE as a Service.”

By Byron V. Acohido

Secure Access Service Edge (SASE) has come a long way since Gartner christened this cloud-centric cybersecurity framework in 2019.

Related: Can SASE stop tech sprawl?

SASE blends networking architecture, namely SD-WAN, with cloud-delivered security services such as security web gateways, Zero Trust network access and more.

Several distinct variants of SASE have come to be supplied by diverse sources. This includes new players, like Versa Networks and Cato Networks; security stalwarts, like Palo Alto Networks and Zscaler; and even tech giants, like Cisco and Akamai.

Just after RSAC 2024, I had the chance to visit with Ken Rutsky, CMO at Aryaka, which is supplying yet another flavor: Unified SASE as a Service.” For a full drill down, please give the accompanying podcast a listen

We discussed how the SASE market has shifted post Covid 19. Early SASE solutions often stitched together disparate networking and security products resulting in operational inefficiencies, Rutsky told me.

News Alert: 1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

Dubai, UAE, June 20, 2024, CyberNewsWire — 1inch, a leading DeFi aggregator that provides advanced security solutions to users across the entire space, has announced today the launch of the 1inch Shield.

This solution, that is offering enhanced protection against a wide range of potential threats, was completed in partnership with Blockaid, a major provider of Web3 security tools.

Scam tokens masquerading as legitimate assets have long been creating problems for Web3 users. Now, due to collaboration with Blockaid, all tokens of this kind will be instantly detected and marked, so that users can avoid transacting with these tokens.

Speaking about the partnership, Sergej Kunz, co-founder of 1inch, said, “The collaboration between Blockaid and 1inch is anticipated to set a new standard for security in the cryptocurrency landscape. By combining Blockaid’s innovative security solutions with the 1inch’s advanced features, this partnership aims to enhance user safety and asset protection, contributing to the growth and mainstream adoption of DeFi.”

News Alert: INE Security lays out strategies for optimizing security teams to mitigate AI risks

Cary, NC, June 20, 2024, CyberNewsWire — 2024 is rapidly shaping up to be a defining year in generative AI.

While 2023 saw its emergence as a potent new technology, business leaders are now grappling with how to best leverage its transformative power to grow efficiency, security, and revenue. With the near-universal integration of AI into global technology, the need for AI-ready cybersecurity teams is more critical than ever.

INE Security, a leading global cybersecurity training and cybersecurity certification provider, predicts large language model (LLM) applications like chatbots and AI-drive virtual assistants will be at particular risk.

“AI systems are invaluable, enabling us to process vast amounts of data with unmatched speed and accuracy, detect anomalies, predict threats, and respond to incidents in real-time. But these revolutionary technologies are also empowering attackers, leveling the playing field in unprecedented ways,” said Lindsey Rinehart, COO and Head of AI Integration at INE Security. “As automated attacks increase, our defense strategies must also be automated and intelligent. The accelerating arms race between cyber attackers and defenders underscores the vital need for ongoing training and development for cybersecurity teams.”

RSAC Fireside Chat: Tightened budgets impose discipline on CISOs, resets security investments

By Byron V. Acohido

CISOs have been on something of a wild roller coaster ride the past few years.

Related: Why breaches persist

When Covid 19 hit in early 2020, the need to secure company networks in a new way led to panic spending on cybersecurity tools. Given carte blanche, many CISOs purchased a hodge podge of unproven point solutions, adding to complexity.

By mid-2022, with interest rates climbing and the stock market cratering, CFOs began demanding proof of a reasonable return on investment. Today, with purse strings tightened – and cyber risks and compliance pressures mounting — CISOs must recalibrate.

I had a fascinating discussion about this with Ryan Benevides, a principal at WestCap, the growth equity firm founded by Laurence Tosi, former CFO of Blackstone and Airbnb. WestCap’s cybersecurity partnerships  includes HUMAN Security, Bishop Fox and Dragos.

Benevides shared his perspective of how the cybersecurity realm has become saturated with over 4,000 venture-backed vendors who are under tighter scrutiny as well. For a full drill down, please give the accompanying podcast a listen.

NEWS ANALYSIS Q&A: Striving for contextual understanding as digital transformation plays out

By Byron V. Acohido

The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment.

Related: The advance of LLMs

For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

I first tapped Gunter Ollmann’s insights about botnets and evolving malware some 20 years when he was a VP Research at Damballa and I was covering Microsoft for USA TODAY. Today, Ollmann is the CTO of IOActive, a Seattle-based cybersecurity firm specializing in full-stack vulnerability assessments, penetration testing and security consulting. We recently reconnected. Here’s what we discussed, edited for clarity and length?

LW: In what ways are rules-driven cybersecurity solutions being supplanted by context-based solutions?

Ollmann: I wouldn’t describe rules-based solutions as being supplanted by context-based systems. It’s the dimensionality of the rules and the number of parameters consumed by the rules that have expanded to such an extent that a broad enough contextual understanding is achieved. Perhaps the biggest change lies in the way the rules are generated and maintained, where once a pool of highly skilled and experienced cybersecurity analysts iterated and codified actions as lovingly-maintained rules, today big data systems power machine learning systems to train complex classifiers and models. These complex models now adapt to the environments they’re deployed in without requiring a pool of analyst talent to tweak and tune.

RSAC Fireside Chat: Here’s what it will take to achieve Digital Trust in our hyper-connected future

By Byron V. Acohido

Confidence in the privacy and security of hyper-connected digital services is an obvious must have.

Related: NIST’s  quantum-resistant crypto

Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive. For a full drill down, please give the accompanying podcast a listen.

We spoke about how the Public Key Infrastructure (PKI) has come under pressure. PKI and digital certificates provide the essential framework for authenticating identities, encrypting communications and ensuring data integrity.

However, with the shift to remote work and the proliferation of Internet of Things systems, the complexity of maintaining a fundamental level of trust in digital services has risen exponentially.

And that curve will only steepen as GenAI/LLM services ramp up and quantum computers get mainstreamed, Sinha observed.

RSAC Fireside Chat: VISO TRUST replaces questionaires with AI analysis to advance ‘TPRM’

By Byron V. Acohido

Taking stock of exposures arising from the data-handling practices of third-party suppliers was never simple.

Related: Europe requires corporate sustainability

In a hyper-connected, widely-distributed operating environment the challenge has become daunting.

At RSAC 2024, I visited with Paul Valente, co-founder and CEO of VISO TRUST. We had a wide-ranging discussion about the limitations of traditional third-party risk management (TPRM), which uses extensive questionnaires—and the honor system – to judge the security posture of third-party suppliers. For a full drill down, please give the accompanying podcast a listen.

VISO TRUST launched in 2020 to introduce a patented approach, called Artifact Intelligence, to automate the assessment of third-party risks. This method employs natural language processing (NLP) and various machine learning models, including large language model (LLM) to automate the assessment of third-party risks, Valente told me.

The benefits of advanced TPRM technologies extend beyond implementing these audits much more efficiently and effectively at scale. Valente cited how a customer, Illumio, is  leveraging Artifact Intelligence to conduct vendor assessments very early in the procurement process, significantly enhancing decision-making and avoiding high-risk relationships.