Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Top Stories

 

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

By Byron V. Acohido

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen.

Related: Demystifying ‘DSPM’

This was my nineteenth RSAC. I attended my first one in 2004, while covering Microsoft for USA TODAY. It certainly was terrific to see the cybersecurity industry’s premier trade event fully restored to its pre-Covid grandeur at San Francisco’s Moscone Center last week.

Rising from the din of 625 vendors, 700 speakers and 26,000 attendees came the clarion call for a new tier of overlapping, interoperable, highly automated security platforms needed to carry us forward.

Defense-in-depth remains a mantra — but implemented much differently than the defense-in- depth strategies of the first decade and a half of this century. Machine learning, automation and interoperability must take over and several new security layers must coalesce and interweave to protect the edge.

Getting a grip on identities

To keep the momentum going, business rivals and regulators are going to have to find meaningful ways to co-ordinate and cooperate at an unprecedented level. Here are four evolving themes reverberating from RSAC 2023 that struck me:

Password enabled access will endure for the foreseeable future.

RSAC Fireside Chat: Turning full attention to locking down the security of ‘open source’

By Byron V. Acohido

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks.

Related: All you should know about open-source exposures

This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode. Open source coding has come to dominate business software applications; rising to comprise 75 percent of audited code bases and putting open source on a trajectory to become a $50 billion subsector of technology by 2026.

As RSA Conference 2023 gets underway today at San Francisco’s Moscone Center, advanced ways to secure open source components is getting a good deal of attention.

Guest expert: Rami Sass, CEO, Mend

The infamous SolarWinds breach put a spotlight on the risk of malicious open-source components, and the White House has put its weight behind software supply chain best practices.

I had the chance to visit with Rami Sass, CEO of Mend, a Tel Aviv-based supplier of automated remediation technologies designed to help keep open source components as secure as possible. For a full drill down on our conversation please give the accompanying podcast a listen.

Sass filled me in about a trend that started about two and a half years ago; he noted that bad actors have turned their full attention to seeking out and exploiting fresh vulnerabilities in fully updated open-source components in live service.

Mend and other SCA solution vendors are stepping up their game to counter this trend. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Guest essay: A roadmap for how — and why — all MSSPs should embrace live patching

By Jim Jackson

Patch management has always been time-consuming and arduous. But it gets done, at least to some degree, simply because patching is so crucial to a robust cybersecurity posture. Patch programs are rarely perfect though, and imperfect patching arguably enables successful cybersecurity breaches – it’s an ever-growing concern for countless IT teams.

Related: MSSPs shift to deeper help

Managed Security Service Providers (MSSPs) do their best to patch their client’s systems while also juggling a long list of other tasks associated with developing, monitoring, and maintaining their client’s overall security and compliance program.

The resources an MSSP can dedicate to patching are, however, limited: MSSPs operate within a fixed client servicing budget, and no client will accept being billed whenever a vulnerability needs to be patched.

To patch or not to patch?

It poses a huge conundrum for MSSPs: patching everything everywhere sounds like a great idea because, after all, a single failure to patch can lead to a breach. Thorough patching means secure client systems. But patching that thoroughly isn’t economical. Some vulnerabilities are more critical – and some systems are more central to operations than others.

There is a balance to strike, but choosing where to prioritize is a tough call. Absent a game-changing technology the best solution would be to simply throw more resources at the patching problem, but that would drive up costs for MSSPs which could lead them to become uncompetitive.

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

By Byron V. Acohido

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely.

Related: CMMC mandates best security practices

Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

At RSA Conference 2023 , which gets underway next week at San Francisco’s Moscone Center, I expect that there’ll be buzz aplenty about the much larger role MSSPs seem destined to play.

I had the chance to visit with Geoff Haydon, CEO of Ontinue, a Zurich-based supplier of a managed extended detection and response (MXDR) service. We discussed the drivers supporting the burgeoning MSSP market, as well as where innovation could take this trend.

Guest expert: Geoff Haydon, CEO, Ontinue

For its part, Ontinue is leveraging Microsoft collaboration and security tools and making dedicated cyber advisors available to partner with its clients. “Microsoft has emerged as the largest, most important cybersecurity company on the planet,” Haydon told me. “And they’re also developing business applications that are very conducive to delivering and enriching a cyber security program.”e

I covered Microsoft as a USA TODAY technology reporter when Bill Gates suddenly ‘got’ cybersecurity, so this part of our discussion was especially fascinating. For a drill down, please give the accompanying podcast a listen. Meanwhile, I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

By Byron V. Acohido

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web.

Related: In pursuit of a security culture

It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

This boots in the underground approach, of course, has its limitations.

At RSA Conference 2023 , which gets underway on Monday, Apr. 24, at San Francisco’s Moscone Center, the latest innovations in gathering and leveraging intel — at a scale that can make a material difference — will be in the spotlight.

I had the chance to visit with Delilah Schwartz, security strategist at Cybersixgill, a Tel Aviv-based cybersecurity company that supplies this type of threat intelligence.

Guest expert: Delilah Schwartz, security strategist, Cybersixgill

We discussed how her company is leveraging essentially the same automated crawling tools and techniques used by the big search engines to gather and supply actionable threat intelligence to its customers.

“We gain fully automated access to these very difficult to navigate Dark Web platforms, extract that useful intel, analyze it using AI and ML, and then we translate that into concrete insights in our data lake,” Schwartz says.

For a drill down, please give the accompanying podcast a listen. Good intel can only help inform smarter, more effect network defenses – and ultimately reinforce resiliency.

I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures

By Byron V. Acohido

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks.

Related: Ukraine hit by amplified DDoS

This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

That said, there are also many opportunities for companies to glean and leverage helpful intel from the Dark Web. As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced ways to gather and infuse cyber threat intelligence, or CTI, into fast-evolving network defenses is in the spotlight.

I had the chance to visit with Jason Passwaters, CEO of Intel 471, a US-based supplier of cyber threat intelligence solutions.

Guest expert: Jason Passwaters, CEO, Intel 471

We discussed how the cyber underground has shifted from being perceived as deep and dark to a well-organized world with defined business models, supply chains, and relatively low barrier of entry.

“As the cyber underground becomes more sophisticated, the level of threat increases exponentially for legitimate businesses and nation-states,” Passwaters told me. “The underground is now the domain of organized cybercriminals with clear hierarchies and targeted revenue goals.”

Intel 471 directs comprehensive threat intelligence at identifying, prioritizing and preventing cyber attacks. For a full drill down, please give the accompanying podcast a listen. Good intel in warfare can’t be overstated. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

By Byron V. Acohido

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge.

Related: The fallacy of ‘security-as-a-cost-center’

Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced application security and API security tools and practices are grabbing a lot of attention.

I had the chance to visit with Scott Gerlach, chief security officer and co-founder of StackHawk, a Denver-based software company launched in 2019 to join the phalanx of vendors innovating like crazy to dial-in meaningful code checks, in just the right measure, at just the right moment.

Guest expert: Scott Gerlach, CSO, StackHawk

We had a great conversation about how the venerable “shift left” security philosophy is being refined so that it better aligns with the way software gets developed today – at light speed. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CICD and more.

“Shift left still applies because you do want to get security processes into the left side where you design, develop, test and deploy,” Gerlach told me. “But it’s really about how can we get security information closer to the people who are writing code, changing code and fixing code.”

In short, “shift everywhere” is the new “shift left.” For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)