Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

By Byron V. Acohido

So NortonLifeLock has acquired Avast for more than $8 billion.

This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering.

Related: The coming of ubiquitous passwordless access

This was around the same time antivirus vendors like Trend Micro, McAfee, Kaspersky, ESET, Sophos, Bitdefender, Avira, AVG and Avast were staking out turf in what they saw, very accurately, as a profitable new software subscription market.

A lot of water has flowed under the bridge since then. Norton got ‘demergered’ from Symantec in 2014 and then acquired LifeLock for $2.3 billion in 2017; Avast acquired AVG  for $1.3 billion in 2016, for instance.

Meanwhile, native security is increasingly being built into popular operating systems, and there’s a trend toward beefing up application security, as well. These are eminently complex times. Companies are migrating to the cloud IT; consumers are working from home much more often.

NortonLifeLock and Avast appear to be betting on the next iteration of the huge and longstanding consumer antivirus market. Last Watchdog asked Forrester analyst Allie Mellen to connect the dots –- and clarify the significance — for individual consumers:

Author Q&A: In modern cyberwarfare ‘information security’ is one in the same with ‘national security’

By Byron V. Acohido

What exactly constitutes cyberwarfare?

The answer is not easy to pin down. On one hand, one could argue that cyber criminals are waging an increasingly debilitating economic war on consumers and businesses in the form of account hijacking, fraud, and extortion. Meanwhile, nation-states — the superpowers and second-tier nations alike — are hotly pursuing strategic advantage by stealing intellectual property, hacking into industrial controls, and dispersing political propaganda at an unheard-of scale.

Related: Experts react to Biden’s cybersecurity executive order

Now comes a book by John Arquilla, titled Bitskrieg: The New Challenge of Cyberwarfare, that lays out who’s doing what, and why, in terms of malicious use of digital resources connected over the Internet. Arquilla is a distinguished professor of defense analysis at the United States Naval Postgraduate School. He coined the term ‘cyberwar,’ along with David Ronfeldt, over 20 years ago and is a leading expert on the threats posed by cyber technologies to national security.

Bitskrieg gives substance to, and connects the dots between, a couple of assertions that have become axiomatic:

•Military might no longer has primacy. It used to be the biggest, loudest weapons prevailed and prosperous nations waged military campaigns to achieve physically measurable gains. Today, tactical cyber strikes can come from a variety of operatives – and they may have mixed motives, only one of which happens to be helping a nation-state achieve a geo-political objective.

•Information is weaponizable. This is truer today than ever before. Arquilla references nuanced milestones from World War II to make this point – and get you thinking. For instance, he points out how John Steinbeck used a work of fiction to help stir the resistance movement across Europe.

Steinbeck’s imaginative novel, The Moon is Down, evocatively portrayed how ordinary Norwegians took extraordinary measures to disrupt Nazi occupation. This reference got me thinking about how Donald Trump used social media to stir the Jan. 6 insurrection in … more

Black Hat insights: How to shift security-by-design to the right, instead of left, with SBOM, deep audits

By Byron V. Acohido

There is a well-established business practice referred to as bill of materials, or BOM, that is a big reason why we can trust that a can of soup isn’t toxic or that the jetliner we’re about to board won’t fail catastrophically

Related: Experts react to Biden cybersecurity executive order

A bill of materials is a complete list of the components used to manufacture a product. The software industry has something called SBOM: software bill of materials. However, SBOMs are rudimentary when compared to the BOMs associated with manufacturing just about everything else we expect to be safe and secure: food, buildings, medical equipment, medicines and transportation vehicles.

An effort to bring SBOMs up to par is gaining steam and getting a lot of attention at Black Hat USA 2021 this week in Las Vegas. President Biden’s cybersecurity executive order, issued in May, includes a detailed SBOM requirement for all software delivered to the federal government.

ReversingLabs, a Cambridge, MA-based software vendor that helps companies conduct deep analysis of new apps just before they go out the door, is in the thick of this development. I had the chance to visit with its co-founder and chief software architect Tomislav Pericin. For a full drill down on our discussion please give the accompanying podcast a listen. Here are the big takeaways:

Gordian Knot challenge

The software industry is fully cognizant of the core value of a bill of materials and has been striving for a number of years to adapt it to software development.

Black Hat insights: Deploying ‘human sensors’ to reinforce phishing email detection and response

By Byron V. Acohido

Human beings remain the prime target in the vast majority of malicious attempts to breach company networks.

Related: Stealth tactics leveraged to weaponize email

Cybersecurity awareness training is valuable and has its place. Yet as Black Hat USA 2021 returns today as a live event in Las Vegas, it remains so true that we can always be fooled — and that the prime vehicle for hornswoggling us remains phishing messages sent via business email.

Cofense, a Leesburg, VA-supplier of phishing detection and response solutions, has set out to take another human trait – our innate willingness to help out, if we can — and systematically leverage our better instincts to help fix this while combining advanced automation technology to stop phishing attacks fast.

I had a lively discussion about this with Rohyt Belani, co-founder and CEO of Cofense, which started out as PhishMe in 2011.

Inspired by Homeland Security’s see-something-say-something anti-terrorism initiative, as well as by crowd-sourcing services like Waze, Cofense has set out to squash those phishing messages that circumvent Security Email Gateways and fool even well-intentioned employees. It is doing this essentially by training and encouraging employees, not just to be on high alert for phishing ruses, but also to deliver useful reconnaissance from the combat zone.

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

By Byron V. Acohido

A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas.

Related: Kaseya hack raises more supply chain worries

For small- and mid-sized businesses (SMBs) cutting through the marketing hype can be daunting. That said, there is one venerable technology – web application firewalls (WAFs) – that is emerging as a perfect fit for SMBs in today’s environment, as all companies shift to a deeper reliance on cloud services and mobile apps.

I had the chance to get into the weeds of this trend with Venky Sundar, co-founder and chief marketing officer of Indusface, a Bengalura, India-based supplier of  cloud-hosted WAF services (Indusface has numerous enterprise deployments and also offers the same protections, cost-effectively, to SMBs.)

For a full drill down on our discussion, please give the accompanying podcast a listen. Here are the big takeaways:

WAF resurgence

Web apps and mobile apps are where they action is. SMBs must continually come up with cool new apps to stay competitive; it’s no surprise that this is also where threat actors are focusing their attention.

Criminal hacking rings are carrying out big sweeps, 24X7, hunting for well-known application vulnerabilities that they can manipulate to breach company networks. WAFs help companies keep track of these malicious probes by scanning incoming HTTPS traffic and taking note of parameters such as IP address, port routing, cookie data and incoming data.

The knock on WAFs for many years has been that while they are excellent at parsing HTTPS traffic, all too many companies choose not to instruct their WAFs to actually block any traffic that might be malicious.

Black Hat insights: All-powerful developers begin steering to the promise land of automated security

By Byron V. Acohido

Software developers have become the masters of the digital universe.

Related: GraphQL APIs pose new risks

Companies in the throes of digital transformation are in hot pursuit of agile software and this has elevated developers to the top of the food chain in computing.

There is an argument to be made that agility-minded developers, in fact, are in a terrific position to champion the rearchitecting of Enterprise security that’s sure to play out over the next few years — much more so than methodical, status-quo-minded security engineers.

With Black Hat USA 2021 reconvening in Las Vegas this week, I had a deep discussion about this with Himanshu Dwivedi, founder and chief executive officer, and Doug Dooley, chief operating officer, of Data Theorem, a Palo Alto, CA-based supplier of a SaaS security platform to help companies secure their APIs and modern applications.

For a full drill down on this evocative conversation discussion please view the accompanying video. Here are the highlights, edited for clarity and length:

LW:  Bad actors today are seeking out APIs that they can manipulate, and then they follow the data flow to a weakly protected asset. Can you frame how we got here?

Dwivedi: So 20 years ago, as a hacker, I’d go see where a company registered its IP. I’d do an ARIN Whois look-up. I’d profile their network and build an attack tree. Fast forward 20 years and everything is in the cloud. Everything is in Amazon Web Services, Google Cloud Platform or Microsoft Azure and I can’t tell where anything is hosted based solely on IP registration.

So as a hacker today, I’m no longer looking for a cross-site scripting issue of some website since I can only attack one person at a time with that. I’m looking at the client, which could be an IoT device, or a mobile app or a single page web app (SPA) or it could be an … more

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

By Byron V. Acohido

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises.

Related: Equipping SOCs for the long haul

SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems. This dramatically reduces the manual labor required to do a first-level sifting of the data inundating modern business networks

However, SOAR has potential to do so much more, observes Cody Cornell, chief strategy officer and co-founder of Swimlane. SOAR, he argues, is in a position to arise as a tool that can help companies make the pivot to high-reliance on cloud-centric IT infrastructure. At the moment, a lot of organizations are in this boat.

“Covid 19 turned out to be the best digital transformation initiative ever,” Cornell says. “It forced us to do things that probably would’ve taken many more years for us to do, in terms of adopting to remote work and transitioning to cloud services.”

Swimlane, which launched in 2014 and is based in Denver, finds itself in the vanguard of cybersecurity vendors hustling to retool not just SOAR, but also security operations centers (SOCs,) security information and event management (SIEM) systems, and endpoint detection and response (EDR) tools. A core theme at RSA 2021 earlier this year – and at Black Hat USA 2021, taking place this week in Las Vegas – is that the combining of these and other security systems is inevitable and will end up resulting in something greater than the parts, i.e. not just more efficacious security, but optimized business networks overall.