
Q&A: How EventTracker breathes new life into SIEMs — by co-managing company systems

By Byron V. Acohido

Security information and event management systems – aka SIEMs – arrived in the corporate environment some 13 years ago holding much promise.

Related article: WannaCry revives self-spreading viruses

SIEMs hoovered up, in real time, anything that might be a security issue from various event and data sources. Companies could pump in all of the data traffic crisscrossing their networks, and out the other end would come intelligence about anything deemed suspicious.

Despite growing into a multibillion-dollar market, SIEMs never really lived up to the early hype. The knock on SIEMs is twofold. First, they haven’t kept pace with the advancing complexity of business networks, such as the rise of cloud systems, mobile and IoT. And second, to be truly effective, SIEMs must be nurtured daily by human security analysts, who happen to be in very short supply.

One of the cybersecurity vendors I met with at RSA Conference 2018, EventTracker, a Netsurion company, aims to remove much of the frustration of operating SIEMs. EventTracker has set out to help mid-sized enterprises overcome SIEMs’ intrinsic shortcomings, and thus breathe new life into this comparatively old technology.

I sat down with EventTracker CEO A.N. Ananth who walked me through his company’s business model, which revolves around supplying a “co-managed” SIEM service. For a full drill down, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length. …more

Will GDPR usher in a new paradigm for how companies treat consumers’ online privacy?

By Byron V. Acohido

Back in 2001, Eric Schmidt, then Google’s CEO, described the search giant’s privacy policy as “getting right up to the creepy line and not crossing it.”

Well, Europe has now demarcated the creepy line – and it is well in favor of its individual citizens. The General Data Protection Regulation, or GDPR, elevates the privacy rights of individuals and imposes steep cash penalties for companies that cross the creepy line – now defined in specific detail.

Related article: Zuckerberg’s mea culpa reveals reprehensible privacy practices

Europe’s revised online privacy regulations took effect last Friday. European businesses are bracing for disruption – and U.S. companies won’t be immune to the blowback. There are more than 4,000 U.S. companies doing business in Europe, including many small and midsize businesses. All of them, from Google, Facebook and Microsoft, down to mom-and-pop wholesalers and service providers, now must comply with Europe’s new rules for respecting an individual’s online privacy.

The EU is expected to levy GDPR fines totaling more than $6 billion in the next 12 months, an estimate put out by insurance giant Marsh & McLennan. As these penalties get dished out, senior management will become very uncomfortable; they’ll be forced to assume greater responsibility for cybersecurity and privacy, and not just leave it up to the IT department.

This is all unfolding as companies globally are racing to embrace digital transformation – the leveraging of cloud services, mobile computing and the Internet of Things to boost innovation and profitability. In such a heady business environment, a regulatory hammer was necessary to give companies pause to consider the deeper implications of poorly defending their networks and taking a cavalier attitude toward sensitive personal data. …more

Preempt stakes out turf as supplier of ‘Continuous Adaptive Risk and Trust Assessment’ technology

By Byron V. Acohido

Defending modern business networks continues to rise in complexity seemingly minute by minute. Perimeter defenses are woefully inadequate, and traditional tactics, like blacklisting and malware detection, are proving to be increasingly ineffective.

Protecting business networks today requires a framework of defenses. Leading tech research firm Gartner has even contrived a new buzz phrase for the required approach: “Continuous Adaptive Risk and Trust Assessment,” or CARTA.

Related article: The threat of ‘shadow admins’

I had the chance to visit recently with Ajit Sancheti, co-founder and CEO of a startup called Preempt, which has positioned itself in the vanguard of CARTA system suppliers. For a full drill down on our conversation please listen to the accompanying podcast. Here are excerpts edited for clarity and length:

LW: You’ve described Preempt as taking an identity-centric approach to security and threat prevention. Please explain.

Sancheti: Identity is the new perimeter. Think about how we now have a mix of enterprise networks being on cloud, non-cloud in enterprise data centers, and cloud hybrids. The only entity you can control is the user. If you can figure out the risk profile of users at a given time and continue to build on those profiles over time, then based on their identity, their behavior, and the importance of the asset they are trying to access, you can actually take real-time security actions to ensure that the person who’s getting the access is who they say they are.

LW: Can you frame the problem of threat actors using legit Windows tools to wreak havoc? …more

Can Cisco, FBI stop Russia from deploying VPNFilter to interfere with U.S. elections?

By Byron V. Acohido

KINGSTON, WA – NewsWrap 23May2018. Cisco’s Talos cyber intelligence unit today said that it has high confidence that the Russian government is behind the VPNFilter campaign, which aims to launch destructive attacks on Ukraine.

Related article: How Russian bots supported Nunes memo

Talos researchers disclosed that VPNFilter:

• Has infected 500,000 routers and networking devices in 54 countries.

• Is capable of stealing website credentials and monitoring industrial control systems.

• Can render any router or other device it infects inoperable.

• Can be used for espionage or to disrupt internet communications.

Cisco appears to be working very closely with U.S. law enforcement on this. The FBI also announced Wednesday that it has seized one of the primary domains the Russians have been using to distribute VPNFilter malware.

Safe to assume Russia has backup domains – and isn’t about to just abandon VPNFilter. So the key, going forward, is for Cisco and the FBI to stay a step ahead. It is vital to stop Russia from using VPNFilter to influence the U.S. midterm federal elections in November.


An assessment from Ashley Stephenson, CEO, Corero Network Security: “We often know about potential threats earlier in their lifecycle, before the actual attacks are launched. Ironically the cybersecurity community is frequently powerless to intervene before these weaponized IoTs are activated so we must continue to prepare our cyber defenses and response strategies for future attacks.” …more

GUEST ESSAY: DHS tackles supply-chain issues over malware-laden smartphones

By Vincent Sritapan

At the Black Hat security conference last August, researchers from the security firm Kryptowire announced that they’d discovered Amazon’s #1-selling unlocked Android phone, the BLU R1 HD, was sending Personally Identifiable Information (PII) to servers in China. The culprit was a piece of firmware update software created by AdUps Technologies, a company based in Shanghai.

Related article: How enterprises address mobile security

For many members of the audience, it was a major episode of déjà vu. Just eight months earlier, the same company, Kryptowire, had announced it had discovered the exact same backdoor in AdUps software running on the exact same BLU phone. BLU claimed then that the existence of the backdoor was a mistake, and that the problem …more

Advanced encryption that locks down ‘underlying data’ arrives to support ‘digital transformation’

By Byron V. Acohido

Encrypting data kept in storage (data at rest) as well as data as it is being transported from one server to another (data in transit) has become a standard business practice.

Yet there remains a singular security gap in the way companies collect, store, access and analyze business data, both on premises and, especially, in the cloud.

Related article: Cloud providers take on security burden

To do a simple database search – or to complete more sophisticated tasks, such as data analytics – stored data must first be decrypted. Put another way, encrypting data often breaks applications and application functionality, which further limits how widely encryption gets used. The decryption step creates a viable opportunity for an intruder lurking on a company’s network to steal the data in decrypted form.

Make no mistake, this is a profound exposure, one that has become increasingly worrisome as “digital transformation” accelerates and companies shift more data storage, software development and data analytics into the cloud.

The good news is that the commercialization of a long-sought technology breakthrough that directly mitigates this singular risk is gaining traction in multiple forms. New data protection and encryption capabilities are emerging that leverage different cryptographic techniques. Homomorphic encryption, secure multiparty computation (SMPC), and enclave computing are all solutions that have recently been released to market.

A Silicon Valley-based startup called Baffle is in the thick of this important development. I recently had the chance to sit down with Baffle’s co-founder and CEO Ameesh Divatia. For a drill down on our conversation, please listen to the accompanying podcast. The key takeaways: …more

CyberArk shows how ‘shadow admins’ can be created in cloud environments

By Byron V. Acohido

There’s little doubt “digital transformation” is here to stay. And it is equally clear that just about all of the fundamental network vulnerabilities we already know about will escalate, in lockstep, with any benefits accrued.

It turns out that speeding up tech innovation cuts both ways.

Related article: How safeguarding privileged accounts can lower insurance

A vivid illustration of this truism comes from the rising challenges businesses face locking down privileged accounts. I had the chance to visit with CyberArk security researchers Lavi Lazarovitz and Asaf Hecht just after they carried out a stunning demo at RSA Conference 2018.

The pair showed how threat actors can create all-powerful “shadow admin” accounts within cloud platforms, such as Amazon Web Services, Microsoft Azure and Google Cloud, simply by manipulating the very design features meant to make cloud services nimble and agile.
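The design features in question are ordinary identity-and-access permissions: a principal that can mint another user’s API keys, reset a console password, or attach a policy to itself is an administrator in everything but name. As an added example that is not from the article or from CyberArk’s research, here is a small Python check that scans an AWS IAM policy document for such grants. The IAM action names are real; the choice of which ones to treat as shadow-admin grants, the severity rule, and the three sample policies are assumptions of this example, and the list is a starting point rather than a complete catalogue of escalation paths.

```python
import fnmatch
import json

# IAM actions that let a principal mint new privileged credentials or rewrite
# who is privileged. Real AWS action names; which ones count as "shadow admin"
# grants is an assumption of this example, not a complete escalation catalogue.
SHADOW_ADMIN_ACTIONS = {
    "iam:CreateAccessKey":         "mint API keys for another user, admins included",
    "iam:CreateLoginProfile":      "give a key-only user a console password",
    "iam:UpdateLoginProfile":      "reset another user's console password",
    "iam:AttachUserPolicy":        "attach AdministratorAccess to a user",
    "iam:AttachRolePolicy":        "attach AdministratorAccess to an assumable role",
    "iam:PutUserPolicy":           "inline an allow-all policy on a user",
    "iam:PutRolePolicy":           "inline an allow-all policy on a role",
    "iam:CreatePolicyVersion":     "rewrite an existing managed policy",
    "iam:SetDefaultPolicyVersion": "activate an older, broader policy version",
    "iam:AddUserToGroup":          "join a group that already carries admin rights",
    "iam:PassRole":                "hand a privileged role to compute you control",
    "sts:AssumeRole":              "assume any role whose trust policy permits it",
}


def _as_list(value):
    """IAM allows Statement/Action/Resource to be a string or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_shadow_admin_grants(policy_json):
    """Return findings for Allow statements that grant shadow-admin actions.

    An explicit Deny in the same document suppresses a finding. Conditions are
    reported, not evaluated; NotAction/NotResource are not handled, so a
    document using them needs manual review.
    """
    statements = _as_list(json.loads(policy_json).get("Statement"))
    denied = [a for st in statements if st.get("Effect") == "Deny"
              for a in _as_list(st.get("Action"))]
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        resources = _as_list(st.get("Resource"))
        unscoped = any(r == "*" or r.endswith(":*") for r in resources)
        for pattern in _as_list(st.get("Action")):
            for action, why in SHADOW_ADMIN_ACTIONS.items():
                if not _matches(pattern, action):
                    continue
                if any(_matches(d, action) for d in denied):
                    continue                        # explicit Deny wins
                findings.append({
                    "action": action,
                    "granted_by": pattern,
                    "resources": resources,
                    "severity": "HIGH" if unscoped else "MEDIUM",
                    "conditional": "Condition" in st,
                    "why": why,
                })
    return findings


# Constructed sample policies (not taken from any real account).
DEVELOPER_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:Get*"], "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["iam:CreateAccessKey", "iam:UpdateLoginProfile"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:UpdateLoginProfile", "Resource": "*"}
  ]
}"""

SELF_SERVICE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": {"Effect": "Allow", "Action": "iam:CreateAccessKey",
                "Resource": "arn:aws:iam::123456789012:user/${aws:username}"}
}"""

ADMIN_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}"""


if __name__ == "__main__":
    for name, policy in [("developer", DEVELOPER_POLICY),
                         ("self-service", SELF_SERVICE_POLICY),
                         ("admin", ADMIN_POLICY)]:
        for f in find_shadow_admin_grants(policy):
            print(f"{name}: {f['severity']} {f['action']} via {f['granted_by']} - {f['why']}")
```

Feed it the Document element returned by `aws iam get-policy-version` or `aws iam get-user-policy`, serialised back to JSON. Two caveats a reviewer should keep in mind: a single document does not show effective permissions, because group memberships, permission boundaries and service control policies all contribute; and `sts:AssumeRole` on `*` is only as dangerous as the trust policies of the roles in the account, so that finding is a prompt to review those trust policies rather than a conclusion on its own.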

For a full drill down on our discussion, please listen to the accompanying podcast. Here are key takeaways.

On-premises vs. cloud

Some context: When I interviewed CyberArk CEO Udi Mokady back in 2013, we discussed how most organizations had a lot to learn about privileged access security best practices. The vast majority of organizations at the time underestimated the number of privileged accounts that existed in their networks, allowed employees to widely share passwords, did not use two-factor authentication much, and changed passwords infrequently.

Since then, companies have made substantial progress. Privileged access security technologies and best practices have been more widely adopted with respect to on-premises data centers. Companies are paying much closer attention to the use – and abuse – of privileged accounts, credentials and secrets, especially those that provide root access to mission-critical systems. …more