Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Videos

 

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

By Byron V. Acohido

The Internet of Everything (IoE) is on the near horizon.

Related: Raising the bar for smart homes

Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind.

We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things (IoT) computing devices and sensors have become embedded everywhere.

Not as noticeably, but perhaps even more crucially, big advances have been made in semiconductors, the chips that route electrical current in everything from our phones and laptops to automobile components and industrial plant controls.

I recently visited with Thomas Rosteck, Division President of Connected Secure Systems (CSS) at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany. We discussed how the Internet of Things, to date, has been all about enabling humans to leverage smart devices for personal convenience.

“What has changed in just the past year is that things are now starting to talk to other things,” Rosteck observes. “Smart devices and IoT systems are beginning to interconnect with each other and this is only going to continue.”

MY TAKE: Why the Matter smart home standard portends the coming of the Internet of Everything

By Byron V. Acohido

Standards. Where would we be without them?

Universally accepted protocols give us confidence that our buildings, utilities, vehicles, food and medicines are uniformly safe and trustworthy. At this moment, we’re in dire need of implementing standards designed to make digital services as private and secure as they need to be.

Related: How matter addresses vulnerabilities of smart home devices

A breakthrough is about to happen with the roll out this fall of Matter, a new home automation connectivity standard backed by Amazon, Apple, Google, Comcast and others.

Matter is intended to be the lingua franca for the Internet of Things. It’s only a first step and there’s a long way to go. That said, Matter is an important stake in the ground. To get a full grasp on why Matter matters, I recently visited with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor manufacturer based in Neubiberg, Germany.

For a full drill down on our evocative discussion, please watch the accompanying videocast. Here are the main takeaways:

FIRESIDE CHAT: All-powerful developers begin steering to the promise land of automated security

By Byron V. Acohido

Software developers have become the masters of the digital universe.

Related: GraphQL APIs pose new risks

Companies in the throes of digital transformation are in hot pursuit of agile software and this has elevated developers to the top of the food chain in computing.

There is an argument to be made that agility-minded developers, in fact, are in a terrific position to champion the rearchitecting of Enterprise security that’s sure to play out over the next few years — much more so than methodical, status-quo-minded security engineers.

With Black Hat USA 2021 reconvening in Las Vegas this week, I had a deep discussion about this with Himanshu Dwivedi, founder and chief executive officer, and Doug Dooley, chief operating officer, of Data Theorem, a Palo Alto, CA-based supplier of a SaaS security platform to help companies secure their APIs and modern applications.

For a full drill down on this evocative conversation discussion please view the accompanying video. Here are the highlights, edited for clarity and length:

LW:  Bad actors today are seeking out APIs that they can manipulate, and then they follow the data flow to a weakly protected asset. Can you frame how we got here?

Dwivedi: So 20 years ago, as a hacker, I’d go see where a company registered its IP. I’d do an ARIN Whois look-up. I’d profile their network and build an attack tree. Fast forward 20 years and everything is in the cloud. Everything is in Amazon Web Services, Google Cloud Platform or Microsoft Azure and I can’t tell where anything is hosted based solely on IP registration.

So as a hacker today, I’m no longer looking for a cross-site scripting issue of some website since I can only attack one person at a time with that. I’m looking at the client, which could be an IoT device, or a mobile app or a single page web app (SPA) or it could be an … more

FIRESIDE CHAT: The drivers behind the stark rise — and security implications — of ‘memory attacks’

By Byron V. Acohido

A distinctive class of hacking is rising to the fore and is being leveraged by threat actors to carry out deep, highly resilient intrusions of well-defended company networks.

Related: Memory hacking becomes a go-to tactic

These attacks are referred to in the security community as “fileless attacks” or “memory attacks.” The latter conveys a more precise picture: memory hacking refers to a broad set of practices, which can include fileless attacks, that constitute this go-deep form of network break-ins.

I had the chance at RSA 2019 to discuss memory hacking with Willy Leichter, vice president of marketing, and Shauntinez Jakab, director of product marketing, at Virsec, a San Jose-based supplier of advanced application security and memory protection technologies.

They walked me through how threat actors are cleverly slipping snippets of malicious code past perimeter defenses and then executing their payloads  – undetected while applications are live, running in process memory.

For a long time, memory hacking was the exclusive province of nation-state backed operatives. But over the past couple of years, memory attacks have come into regular use by common cybercriminals. Garden-variety threat actors are now leveraging memory hacking tools and techniques to gain footholds, move laterally and achieve persistence deep inside well-defended networks.

For a comprehensive drill down, please view the accompanying YouTube video of my full interview with Leichter and Jakab at RSA 2019’s broadcast alley. Here are excerpts, edited for clarity and length:

LW: Can you frame this new class of hacking?

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

By Byron V. Acohido

Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks.

The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation.

Related: The ‘Golden Age’ of cyber espionage is upon us

The nonstop intensity of these attacks is vividly illustrated by the fact that malicious bot communications now account for one-third of total Internet traffic. Cybersecurity vendors, of course, have been responding. Established web application firewall  (WAF) suppliers like Imperva, F5 and Akamai are hustling to strengthen their respective platforms. And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences.

This week a new entrant in this field, Cequence Security, formally launched what it describes as a “game-changing” application security platform. I had the chance to sit down with CEO Larry Link to discuss what Cequence is up to, and why it believes it can help enterprises detect and mitigate bot attacks, without unduly disrupting the speed and flexibility they’d like to extract from digital-centric operations. Here are takeaways from our discussion:

The botnet problem

According to Gemalto’s Breach Level Index, 3.3 billion data records were compromised worldwide in the first half of 2018 – a 72 percent rise in the number of lost, stolen or compromised records reported in the first six months of 2017. Vulnerable online apps and services factored in as a primary target of automated botnet attacks. This activity can be seen at any moment of any day by examining the volume of malicious botnet traffic moving across the Internet.

A bot is a computing nodule with a small bit of coding that causes it to obey instructions from a command and control server.

FIRESIDE CHAT: The way forward, despite overwhelming cyber threats

By Byron V. Acohido

NEW YORK CITY – Cyber Connect 2017 cybersecurity summit that just wrapped up at the beautiful Grand Hyatt located adjacent to Grand Central Station here in the Big Apple. I got the chance to be on the other side of the interview, sitting down with John Furrier and David Vellante, co-hosts of The Cube. We did it live; here’s the recorded stream.

VIDEO: Tempered Networks introduces ‘identity-based networking’

By Byron V. Acohido

Tempered Networks got its start by taking a unique approach toward locking down the industrial control systems (ICS) used at the Boeing Co.’s airplane manufacturing plants.

The problem Boeing was trying to solve at the time turns out to be much the same as the puzzle organizations of all types face today: How do you ingrain security into complex hybrid networks without completely throwing out legacy systems.

Striking that balance in the age of cloud computing and the Internet of Everything is crucial to empowering employees to securely and productively leverage modern IT systems. “Security is great, but business has to run,” says Marc Kaplan, vice president of security architecture and services at Seattle-based Tempered Networks.

ICS technologies predate the internet. So those used in manufacturing plants, utility plants and transportation systems remain a huge security challenge. The rising dominance of cloud computing and mobile devices to run modern-day networks has exposed ICS controls, in particular, to threat actors.

Boeing, for instance, found it challenging to assure security of its industrial controls while also maintaining a high pace of jetliner production. “They had to find a way to identify and separate systems from each other,” Kaplan says. The solution came in the form of an innovative protocol—called HIP, host identity protocol—developed by Ericsson and sponsored by Boeing and the U.S. Navy.

Stability and security

“Essentially, it’s an overlay, so an environment can keep running the systems it ran before,” he says. It’s an identity-based network, an architecture that “rides above” an established system, without changing fundamental system attributes.

Related article: Critical infrastructure attacks remain clear and present danger

It was an important breakthrough, since most industries are reluctant to make wholesale changes to legacy systems that are working. In today’s banking sector, for example, “these systems run very old code, and for good reason,” Kaplan says. “They’re very stable; the upgrading is a high risk.

Marc Kaplan, Tempered Networks vice … more