LEHI, Utah, Sept. 23, 2024 – DigiCert, backed by Clearlake Capital Group, L.P. (together with its affiliates, “Clearlake”), Crosspoint Capital Partners L.P. (“Crosspoint”), and TA Associates Management L.P. (“TA”), today announced it has completed its acquisition of Vercara, a leader in cloud-based services that secure the online experience, including managed authoritative Domain Name System (DNS) and Distributed Denial-of-Service (DDoS) security offerings that protect organizations’ networks and applications.

The acquisition expands DigiCert’s capabilities to protect organizations of all sizes from the growing number of cyberattacks organizations experience each day.

The acquisition of Vercara complements DigiCert’s core PKI and certificate management infrastructure that protects and authenticates people, websites, content, software, and devices. Vercara’s industry-recognized UltraDNS product is an enterprise-grade managed authoritative DNS service that securely delivers fast and accurate query responses to websites and other vital online assets, ensuring 100% website availability along with built-in security for superior protection. Vercara’s UltraDDoS Protect, UltraWAF, UltraAPI, and UltraEdge solutions provide layers of protection for organizations’ web applications and infrastructure. By combining with Vercara, DigiCert will be positioned to provide customers with a unified DNS and certificate management experience, including more efficient domain control validation and simplified DNS configuration.


“Today we start the exciting work of bringing Vercara into our portfolio to further advance DigiCert’s goal of delivering digital trust for the real world,” said Amit Sinha, CEO of DigiCert. “We believe the combination of Vercara’s talent and suite of products with DigiCert’s technology and platform, history of innovation, and scale will help ensure customers get the highest level of digital trust available.”

About DigiCert: DigiCert is a leading global provider of digital trust, enabling individuals and businesses to engage online with the confidence that their footprint in the digital world is secure. DigiCert® ONE, the platform for digital trust, provides organizations with centralized visibility and control over a broad range of public and private trust needs, securing websites, enterprise access and communication, software, identity, content and devices. DigiCert pairs its award-winning software with its industry leadership in standards, support and operations, and is the digital trust provider of choice for leading companies around the world. For more information, visit www.digicert.com or follow on LinkedIn.

About Vercara: Vercara is a purpose-built, global, cloud-based security platform that provides layers of protection to safeguard businesses’ online presence, no matter where attacks originate or where they are aimed. Delivering the industry’s highest-performing solutions and supported by unparalleled 24/7 human expertise and hands-on guidance, top global brands depend on Vercara to protect their networks and applications against threats and downtime. Vercara’s suite of cloud-based services is secure, reliable, and available, delivering peace of mind and ensuring that businesses and their customers experience exceptional interactions all day, every day. Pressure-tested in the world’s most tightly regulated and high-traffic verticals, Vercara’s mission-critical security portfolio provides best-in-class DNS and application and network security (including DDoS and WAF) services to its Global 5000 customers and beyond. For more information, visit www.vercara.com.

About Clearlake: Founded in 2006, Clearlake Capital Group, L.P. is an investment firm operating integrated businesses across private equity, credit, and other related strategies. With a sector-focused approach, the firm seeks to partner with experienced management teams by providing patient, long-term capital to dynamic businesses that can benefit from Clearlake’s operational improvement approach, O.P.S.® The firm’s core target sectors are technology, industrials, and consumer. Clearlake currently has over $90 billion of assets under management, and its senior investment principals have led or co-led over 400 investments. The firm is headquartered in Santa Monica, CA with affiliates in Dallas, TX, London, UK and Dublin, Ireland. More information is available at www.clearlake.com.

About TA: TA is a leading global growth private equity firm with offices in Boston, Menlo Park, Austin, London, Mumbai and Hong Kong. Focused on targeted sectors within five industries – technology, healthcare, financial services, consumer and business services – the firm invests in profitable, growing companies around the world with opportunities for sustained growth. Investing as either a majority or minority investor, the firm employs a long-term approach, utilizing its strategic resources to help management teams build lasting value in growth companies. TA has raised $65 billion in capital and has invested in more than 560 companies since its founding in 1968.

About Crosspoint Capital Partners: Crosspoint Capital Partners is a private equity investment firm focused on the cybersecurity, privacy and infrastructure software markets. Crosspoint has assembled a group of highly successful operators, investors and sector experts to partner with foundational technology companies and drive differentiated returns. Crosspoint has offices in Menlo Park, CA and Boston, MA. For more information visit: www.crosspointcapital.com.

 

 

The post News alert: DigiCert acquires Vercara to enhance cloud-based DNS management, DDoS protection first appeared on The Last Watchdog.

Boston, Mass., Sept. 18, 2024 — OneLayer, the leader in managing and securing enterprise private 5G/LTE Operational Technology (OT) networks, announced today the selection of its OneLayer Bridge private LTE network device management and zero trust security platform by energy provider Evergy, in a multi-year deal.

Evergy has innovatively embraced Ericsson’s private LTE technology to elevate operational performance. They recently completed their transition from pilot and testing to preparations for a comprehensive rollout for operational use. Evergy chose OneLayer’s solution to manage and secure devices in their facilities and across their electricity grid in the U.S. Evergy’s fast-growing private LTE cellular networks use thousands of devices today, including Internet of Things (IoT) sensors, smart meters, OT and other cellular devices. In the next few years, the number of devices is planned to scale to the tens of thousands.

“With this widespread rollout, we needed a way to manage the growing number of OT devices using our private cellular network,” says J.J. Stutler, Manager, Wireless Engineering & Operations at Evergy. “We required automation and delegation of various device onboarding steps to different Evergy teams, alongside complete visibility to all devices at all times. OneLayer did all of that, in addition to providing operations and security frameworks for our private LTE networks and connected devices. With OneLayer, Evergy is now better equipped to deliver reliable power to customers and fulfill the potential of its strategic sustainability transformation plan for its customers and stakeholders.”

The implementation of OneLayer’s platform is projected to result in substantial savings for Evergy in the areas of asset management, operations and network management.

OneLayer’s asset management capabilities enhance Evergy’s operational efficiency by automating device onboarding, provisioning, profiling, classifying and activation. OneLayer enables delegating onboarding steps to different teams, enabling Evergy to scale their network effectively by creating autonomy for different Evergy teams, alongside maintaining oversight of what devices are onboarded. Visibility and tracking of every individual device connected to the network – even non-cellular devices connected via cellular routers – enable Evergy to assess performance and uptime of devices and routers, conduct vendor comparisons at scale and adjust Quality of Service (QoS) dynamically for different groups of devices or situations.

As a player in critical national infrastructure, Evergy requires strict security. OneLayer provides Evergy with end-to-end zero-trust security that seamlessly extends Evergy’s existing security frameworks, established segmentation standards and regulatory requirements to the private LTE domain. OneLayer Bridge’s OT/IoT asset discovery and tracking, geofencing, anomaly detection and mitigation functionalities significantly reduce Evergy’s attack surface and enable swift remediation of any potential problems.


“OneLayer sees Evergy’s team as visionaries, professionals, mission-oriented, and focused on their business needs,” explains Dave Mor, OneLayer CEO. “OneLayer is here to support Evergy’s journey to success. Our maintenance of strong relationships with private LTE vendors, like Ericsson and CPE vendors ensures continuous support for upgraded products and enhanced capabilities. This approach allows Evergy to benefit not only from existing efficiencies but also to stay prepared for evolving challenges and opportunities in the private LTE landscape.”

About OneLayer: OneLayer brings complete visibility, asset management, and zero-trust security to all devices connected to private LTE and 5G networks. All activities are tracked to orchestrate and secure the environment. Through OneLayer’s solution, enterprises get complete asset management and operational intelligence capabilities to maximize operational excellence and zero-trust security to prevent cellular breaches. The platform enables enterprises to treat their private cellular network as another enterprise network without the need to be cellular experts. To learn more about OneLayer, please visit www.onelayer.com.

The post News alert: Evergy selects OneLayer to manage, secure its private cellular OT assets first appeared on The Last Watchdog.

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever.

New findings from Forescout – Vedere Labs, the industry leader in device intelligence, and Finite State, an industry leader in software supply chain security, emphasize the critical state of software supply chains in OT and IoT routers, revealing widespread vulnerabilities. The findings focused on outdated software components in router firmware, across sectors from industrial operations to healthcare and critical infrastructure, highlighting associated cyber risks.

These findings are not just a wake-up call, but also show the need for immediate action to mitigate cyber risks today and in the future.

Unveiling vulnerabilities

The research revealed a troubling issue: the extensive use of outdated software components in routers, which are essential for device connectivity in various environments. Many of these routers depend on firmware built on outdated versions of the OpenWrt operating system – an open-source project for embedded operating systems primarily used for routing network traffic. The average open-source component in these routers was found to be over five years old and used a version that lagged significantly behind the latest release.

Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images. On average, each firmware image contained 161 known vulnerabilities, with a significant number rated as high or critical. Despite the availability of newer, more secure versions of the software, these vulnerabilities persist in the latest firmware releases, leaving devices vulnerable to potential attacks.


The research also revealed significant security weaknesses in the routers’ binary protection mechanisms. Features like stack canaries, intended to prevent buffer overflow attacks, were found to be poorly implemented or not present at all. This lack of robust security features further compounds the risks associated with using outdated firmware.

Firmware risks

The presence of these vulnerabilities in widely used cellular routers is more than just a technical oversight; it represents a significant risk for organizations that rely on these devices for critical operations. Cellular routers are often deployed in environments where reliability and security are paramount, such as in industrial control systems, remote monitoring, and critical infrastructure management. When these routers are compromised, the consequences can be severe, leading to operational disruptions, data breaches, and even damage to essential infrastructure.

The persistence of known vulnerabilities in these devices raises an important question: why are these issues still present, despite being well-documented? The answer lies partly in the complexity of firmware updates and the challenges of maintaining compatibility with a wide range of hardware. Yet, this does not justify the lack of proactive measures taken to address these vulnerabilities. The research found that while some vendors do apply custom patches to issues, these patches often introduce new problems or fail to fully resolve existing ones, further complicating the security landscape.

Role of SBOMs

The findings from this research are a reminder that addressing firmware vulnerabilities in OT and IoT routers must be a top priority for both device manufacturers and the organizations that rely on them. We recommend the adoption of Software Bills of Materials (SBOMs), which provide a detailed inventory of the components within a device’s software. SBOMs enhance transparency and allow for more effective vulnerability management.

Manufacturers must also improve their patch management processes and be more transparent with customers regarding product security. This includes issuing timely security advisories when vulnerabilities are identified. Additionally, sharing asset risk information, including details about the configuration, behavior and function of devices is essential. In doing this, manufacturers can help organizations better understand the risks associated with their devices and the appropriate mitigation actions. In turn, organizations should prioritize mitigating the vulnerabilities that pose the greatest threat to their operations first.
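As an added illustration (not code from the essay, Forescout or Finite State), the sketch below shows how an SBOM makes the two checks discussed above mechanical: flagging components older than a threshold and ranking components by the worst known advisory that still applies. The component names, the `example:release-date` property, the advisory identifiers and the reference date are all constructed placeholders; the five-year threshold simply mirrors the average component age reported above.

```python
"""Audit a firmware SBOM for stale components and applicable known advisories.

Every record below is constructed for illustration: component names, dates
and advisory identifiers are placeholders, not findings from the research.
"""
import json
import re
from datetime import date

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
STATUS_ORDER = {"stale": 0, "unknown": 1, "current": 2}

# Constructed CycloneDX-style document. The "example:release-date" property
# is an assumption of this example, carried as a producer-defined property.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-tls-lib", "version": "1.0.2",
     "properties": [{"name": "example:release-date", "value": "2016-03-01"}]},
    {"type": "application", "name": "example-dns-daemon", "version": "2.80",
     "properties": [{"name": "example:release-date", "value": "2018-10-18"}]},
    {"type": "application", "name": "example-shell", "version": "1.36.1",
     "properties": [{"name": "example:release-date", "value": "2023-05-19"}]},
    {"type": "library", "name": "example-vendor-blob", "version": "0.9"}
  ]
}"""

# Constructed advisory feed: a component is affected while version < fixed_in.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-001", "component": "example-tls-lib",
     "fixed_in": "1.1.1", "severity": "critical"},
    {"id": "ADVISORY-PLACEHOLDER-002", "component": "example-tls-lib",
     "fixed_in": "1.0.2", "severity": "high"},
    {"id": "ADVISORY-PLACEHOLDER-003", "component": "example-dns-daemon",
     "fixed_in": "2.86", "severity": "high"},
    {"id": "ADVISORY-PLACEHOLDER-004", "component": "example-shell",
     "fixed_in": "1.36.0", "severity": "medium"},
]


def parse_version(text):
    """Dotted version -> tuple of ints (simplification: suffixes such as 'rc1' are ignored)."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def release_date(component):
    """Return the component's release date, or None when the SBOM does not state one."""
    for prop in component.get("properties", []):
        if prop.get("name") == "example:release-date":
            return date.fromisoformat(prop["value"])
    return None


def audit(sbom_json, advisories, today, max_age_years=5.0):
    """Return one finding per component, most urgent first."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    findings = []
    for comp in bom.get("components", []):
        name, version = comp["name"], comp["version"]
        released = release_date(comp)
        age = None if released is None else round((today - released).days / 365.25, 1)
        if age is None:
            status = "unknown"      # no provenance data: needs manual review
        elif age > max_age_years:
            status = "stale"
        else:
            status = "current"
        hits = [a for a in advisories
                if a["component"] == name
                and parse_version(version) < parse_version(a["fixed_in"])]
        hits.sort(key=lambda a: -SEVERITY_RANK[a["severity"]])
        findings.append({
            "name": name,
            "version": version,
            "age_years": age,
            "status": status,
            "worst_severity": hits[0]["severity"] if hits else None,
            "advisories": [a["id"] for a in hits],
        })
    # Worst applicable severity first, then stale/unknown before current, then oldest first.
    findings.sort(key=lambda f: (-SEVERITY_RANK.get(f["worst_severity"], 0),
                                 STATUS_ORDER[f["status"]],
                                 -(f["age_years"] or 0)))
    return findings


if __name__ == "__main__":
    for f in audit(SBOM_JSON, ADVISORIES, today=date(2024, 9, 1)):
        print(f["name"], f["version"], f["status"], f["age_years"],
              f["worst_severity"], f["advisories"])
```

A component with no release date is reported as `unknown` rather than silently treated as current, since missing provenance is itself something to chase with the vendor.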

As the proliferation of OT and IoT devices continues across sectors, addressing firmware vulnerabilities will become ever more important. There is an urgent need to improve device security and create greater transparency in the software supply chain. By taking proactive measures today, including embracing SBOMs and prioritizing regular updates and patches, organizations can reduce cybersecurity risks and safeguard the future of our interconnected world.

Daniel dos Santos is Head of Research at Forescout Research – Vedere Labs

The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers first appeared on The Last Watchdog.


I recently learned all about the state of the art of phishing attacks – the hard way.


An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

At Black Hat USA 2024, I visited with Eyal Benishti, CEO of IRONSCALES, an Atlanta, GA-based supplier of advanced email security systems. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. For a full drill down, please give the accompanying podcast a listen.

Benishti explained how the anti-phishing protections from Google and Microsoft excel at blocking known threats but often struggle with threats that aren’t yet recognized as harmful. His observation correlates to the notion that GenAI is helping both the attackers and the defenders.

In this shifting landscape, it’s becoming very clear that the difference maker is humans. Attackers are getting ever more adept at leveraging GenAI to exploit our distracted nature. More so than ever, companies need to continually train users to stay on high alert.

Quick reporting by well-trained users isn’t going to be enough. Legacy protections from Google and Microsoft typically take 72 hours to catch up, Benishti told me. He argues that human feedback must be tightly integrated into AI-infused defenses that are tuned to adapt in real-time to evolving threats.

This balancing act is just getting started. I’ll keep watch and keep reporting.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post Black Hat Fireside Chat: User feedback, AI-infused email security are both required to deter phishing first appeared on The Last Watchdog.

Cary, NC, Aug. 22, 2024, CyberNewsWire — In modern business, cybersecurity is not merely a technical concern but a crucial financial safeguard. With cyber threats growing in sophistication and frequency, the financial implications of neglecting cybersecurity training are severe and multifaceted. INE Security, a global leader in cybersecurity training and certifications, is exploring how overlooking this critical aspect of organizational strategy can lead to a financial crisis and laying out five key reasons why cybersecurity training is important.

Impact of cyber attacks

The financial toll of cyber incidents can be staggering. The average cost of a data breach ballooned to $4.88 million in 2023, a 10% spike over the previous year, according to a recent IBM report. The same report illuminates the value of a robust cybersecurity staff, showing a majority of those breached were short-staffed in cybersecurity, and experienced an average loss of $1.76 million more in breach costs.

“As cyber threats become more sophisticated, the cost of not investing in cybersecurity training escalates exponentially,” explains Dara Warn, CEO of INE Security. “Effective training is not merely a line item expense — it’s an indispensable investment in the operational integrity and financial security of organizations. Choosing the right training partner and prioritizing cybersecurity training for businesses should not be viewed as optional by CISOs and CIOs.”

Operational disruption

Beyond the direct costs of a cyberattack, operational disruptions often require extensive system recoveries, diverting resources and causing significant revenue losses, as was the recent case for CDK Global. The automotive dealership software solution provider was hit by a ransomware attack, crippling the auto industry and opening the company up to substantial litigation risks, a one-two punch that will likely take years to realize the full extent of the damages.

Reputational damage

The indirect costs of cyber breaches, such as reputational damage, can be more harmful than the immediate financial penalties. After the 2019 data breach of Capital One, which affected approximately 100 million customers in the U.S., the bank faced not only regulatory fines but also a significant erosion of customer trust. The incident led to lawsuits and a decline in customer growth, illustrating how reputational damage can translate into long-term financial losses and highlighting the fragility of critical IT infrastructures.

Compliance costs

Neglecting cybersecurity training also exposes organizations to regulatory risks. Non-compliance with frameworks such as GDPR in Europe or HIPAA in the United States can result in substantial fines. In 2020, Marriott faced a fine of more than $23 million by the UK’s Information Commissioner’s Office for a breach that affected millions of guests. Although reduced from an initial $124 million due to mitigation factors, including the economic impact of COVID-19, the fine underscores the significant financial penalties associated with failing to protect customer data.

The case for training

Investing in cybersecurity training is not just about mitigating risks—it’s about financial prudence. Well-trained employees are less likely to fall prey to phishing attacks or other forms of social engineering, significantly reducing the potential for breaches. Moreover, a knowledgeable IT team can ensure that systems are kept up-to-date and secure against emerging threats, decreasing the likelihood of costly incidents.

From a financial perspective, the return on investment for cybersecurity training is clear. The cost of training and upskilling staff is considerably lower than the expenses associated with recovering from a cyber attack, not to mention the long-term savings from avoiding fines and reputational damage.

Protection through education

Cybersecurity training empowers employees by educating them about the risks associated with cyber threats and the methods by which these threats can infiltrate an organization. By understanding the tactics used by cybercriminals, such as phishing, ransomware, and other forms of social engineering, employees become more adept at recognizing suspicious activities and less likely to inadvertently expose the organization to a breach. This type of education is crucial, as human error remains one of the leading causes of security failures.

Value of certifications

Achieving the best certifications for cybersecurity such as Junior Penetration Tester (eJPT), CompTIA Security+, and Certified Information Systems Security Professional (CISSP) provides IT professionals with comprehensive knowledge and skills that are crucial for managing and mitigating cybersecurity risks effectively. These certifications are recognized across the industry and signify a professional’s ability to design, implement, and manage a best-in-class cybersecurity program. They are not merely educational tools but are also instrumental in shaping the cybersecurity landscape within an organization.

Leveraging training for compliance

With the increasing number of data protection regulations, such as GDPR in Europe and CCPA in California, cybersecurity training becomes essential for ensuring compliance. Training programs that include components on regulatory requirements help organizations avoid costly fines and legal battles by keeping employees informed about their responsibilities under these laws. Compliance-focused training ensures that the organization not only meets current legal standards but is also prepared for new regulations that may arise.

Strategic security investments

The cost of implementing a robust cybersecurity preparedness training program is often dwarfed by the expenses associated with a data breach, which can include remediation costs, fines, lawsuits, and loss of reputation. By investing in continuous and updated training programs, organizations can create a culture of security that permeates every level of the company. This culture not only enhances security but also builds a corporate ethos where security becomes a daily operational element, as integral as customer service or quality control.

Attracting, retaining top talent

Organizations that provide ongoing professional development opportunities in cybersecurity are more likely to attract and retain top talent. Professionals in the field often seek environments where they can grow their skills and take on new challenges. Providing access to training and development programs makes an organization more attractive to ambitious cybersecurity professionals and enhances its reputation within the industry.

The financial stakes associated with cybersecurity are too high to ignore. As cyber threats evolve, the cost of inaction will only increase. Organizations must view cybersecurity training not as an optional expense but as a critical investment in their financial security and operational integrity. By prioritizing cybersecurity education, businesses can protect themselves against not only the immediate threats but also the extensive financial repercussions that can arise from a single breach.

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Media contact: Kathryn Brown, Director of Global Strategic Communications and Events, INE Security, kbrown@ine.com

The post News alert: INE Security advisory: The steep cost of neglecting cybersecurity training first appeared on The Last Watchdog.

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day.


It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI (GenAI) engines and Large Language Models (LLMs). Leading cybersecurity vendors have recognized this development, and they are innovating clever ways to bring GenAI and LLM to bear.

A prime example comes from Resecurity, a Los Angeles-based cybersecurity vendor that has been helping organizations identify, analyze, and respond to cyber threats since its launch in 2016. Resecurity most recently unveiled Context AI, a new service that enriches threat intelligence, enhances analyst workflows and speeds up decision-making across security operations.

Last Watchdog engaged Shawn Loveland, Chief Operations Officer at Resecurity, to discuss where things stand with respect to GenAI and LLM making an impact in cybersecurity.  Here’s that exchange, edited for clarity and length.

LW: We’re at a very early phase of GenAI and LLM getting integrated into cybersecurity; what’s taking shape?

Loveland: The technology itself is still evolving, and while it shows great potential, it has yet to fully mature in terms of reliability, scalability and security. Additionally, the cybersecurity community needs a more comprehensive understanding and trust regarding how these AI tools can be effectively and safely deployed in real-world environments.

Integrating GenAI and LLMs into cybersecurity frameworks requires overcoming complex challenges, such as ensuring the models can handle the nuances of cyber threats, addressing data privacy concerns, adapting to the dynamic nature of the threat landscape, and dealing with inaccuracies and incomplete data sets that may lead to misleading outputs.

LW: How much potential do GenAI and LLMs have to be a difference maker in cybersecurity?


Loveland: They can potentially revolutionize cybersecurity. Their advanced capabilities in processing vast amounts of data, identifying patterns, and automating responses to threats make them game changers. These AI models can analyze and understand complex data from various sources much faster and more accurately than traditional methods, enabling them to detect anomalies, predict potential threats, and respond to real-time incidents.

This significantly enhances the speed and efficiency of cybersecurity defenses, spanning individual companies and locations. Additionally, GenAI can assist in developing more sophisticated threat simulations and improving incident response strategies by learning from past incidents and continuously adapting to new threat landscapes. As these models evolve, they promise to reduce human error and security operations and provide a more proactive approach to cybersecurity.

LW: Tell us a bit about Resecurity’s implementation.

Loveland: We’ve integrated GenAI and LLM into our services platform. These technologies enable our platform to process and analyze large amounts of structured and unstructured data, empowering our advanced threat intelligence and cybersecurity solutions. Using AI-driven analytics, we’ve automated many routine security tasks and enhanced our threat detection accuracy.

This integration empowers more proactive defense mechanisms, such as real-time monitoring and detecting sophisticated cyber threats that may bypass traditional security measures. Additionally, we have recently introduced Context AI, which allows analysts to interact with our data through an LLM interface to gain further insights into threats targeting their company.

LW: How did the idea for Context AI come about?

Loveland: Traditional security measures continuously fail to identify and respond to new, novel, and sophisticated cyber threats, which are compounded by incomplete dark web data sets, leading to incomplete and inaccurate output by AI.

Context AI created a platform that automatically gathers, analyzes, and correlates vast amounts of data from multiple sources, including the deep dark web, to provide real-time and predictive insights. This enables security teams to make more informed decisions, anticipate potential threats, and proactively defend against them. The goal was to move beyond reactive security measures and empower organizations with the intelligence needed to stay ahead of emerging threats.

LW: Can you share any anecdotes that validate your approach?

Loveland: One organization in the financial sector used Context AI to identify and prevent a sophisticated phishing campaign that targeted their employees. By leveraging the platform’s real-time threat intelligence and contextual analysis, they were able to thwart the attack before it compromised any sensitive data.

Another benefit accrued by a healthcare provider was the early detection of potential insider threats, which allowed them to address vulnerabilities and prevent data breaches that could have jeopardized patient privacy.

LW: How do you expect the adoption curve of Context AI to play out, moving forward?

Loveland: As Context AI gains traction, future benefits will include more robust threat prediction capabilities, integration with broader security ecosystems, and the ability to provide tailored industry-specific intelligence. As more organizations experience these advantages and share their success stories, the adoption rate of Context AI will likely accelerate, leading to widespread recognition of its value in cybersecurity.


The post NEWS ANALYSIS Q&A: The early going of Generative AI and LLMs impacting cybersecurity first appeared on The Last Watchdog.

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward.


Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Yet SBOMs will take us only so far. I had a deep discussion about this at Black Hat USA 2024 with Saša Zdjelar, Chief Trust Officer at ReversingLabs (RL). He drew a vivid parallel between food safety and software security.  For a full drill down, please give the accompanying podcast a listen.

An SBOM is like an ingredients list, not a recipe for a gourmet dish, Zdjelar argues. Similarly, SBOMs in and of themselves do little to flush out anomalies arising in the wild. In short, SBOMs do not take context into account, he noted.

Context is fast becoming king in cybersecurity. Contextual solutions are more like recipes for securing business networks in a cloud-centric, hyper-interconnected operating environment – without unduly taxing efficiency or user experience.

RL Spectra Assure, for instance, provides context by performing deep analyses of binary code. This technology doesn’t just identify the ingredients in software, it also analyzes how those ingredients — such as third-party components, open-source libraries and other types of dependencies — interact. In doing so, Spectra Assure does what SBOMs cannot: identify malware or tampering before an application is released or deployed.

And it does this in real time by integrating into continuous integration/continuous deployment (CI/CD) workflows for software producers. Or in the case of enterprise buyers, on-demand scanning of commercial software provides a consistently up-to-date view of application risk before deployment or as new updates are made. This is a prime example of contextual security gaining ground in a massively complex, highly dynamic operating environment.

We need a lot more of it. I’ll keep watch and keep reporting.


The post Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure first appeared on The Last Watchdog.

Application Security Posture Management (ASPM) arose a few years ago as a strategy to help software developers and security teams continually improve the security of business applications.

Related: Addressing rising cyber compliance pressures

At Black Hat USA 2024, an iteration called Active ASPM is in the spotlight. I had the chance to visit with Neatsun Ziv, CEO and co-founder of Tel Aviv-based OX Security, a leading Active ASPM solutions provider.

I learned all about how Active ASPM emphasizes continuous, real-time monitoring and proactive remediation, thereby augmenting more passive ASPM methods, if you will, that focus on data aggregation and periodic assessments, Ziv told me. For a full drill down, please give the accompanying podcast a listen.

For its part, OX Security does this by going the extra mile to provide rich, detailed context that enables security teams to do triage more effectively – and CISOs to justify, with hard evidence, why resources need to be directed at specific security improvements.

This heavy lifting gets done, he says, by “going into the code and reading the code myself. I’m going to connect to the cloud, read the configurations and read the active assets you’ve got in your cloud. I’m going to connect to your artifact registry and scan what’s in there. I’m going to connect to your existing tools, understand what’s in there, and basically use every asset that you have inside your organization to provide the best and most accurate answer to the question, ‘Are you right now at risk? If so, let me guide you through the process of getting to a safer place.’”

How high might Active ASPM move the bar, going forward? I’ll keep watch and keep reporting.


The post Black Hat Fireside Chat: Here’s how ‘Active ASPM’ is helping to triage and remediate coding flaws first appeared on The Last Watchdog.

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024: GenAI is very much in the mix as a potent X-factor in cybersecurity.

Related: Prioritizing digital resiliency

I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.

This is all part of Generative AI and Large Language Models igniting the next massive technological disruption globally. In the next five years, GenAI/LLM deployments are expected to add $2.6 to $4.4 trillion annually across more than 60 use cases, according to a recent McKinsey study; a recent AWS survey predicts that over 93% of employers will use GenAI/LLM to increase innovation and creativity, automate repetitive tasks and boost learning.

Part of this tech revolution will play out in the cybersecurity sector as vendors perfect ways to assign GenAI/LLM to the task of helping companies get a better grip on data sprawl. Massive, indiscriminate ingestion of data was an intractable mess long before this mad scramble to insert AI assistants high and low in company operations.

“AI thrives on large datasets,” Steve Stone, head of Rubrik Zero Labs, told me. “When you add AI into the mix, it further intensifies the challenge of managing data sprawl and the associated risks.”

Ditto when it comes to detection sprawl, if you will, in the cyber realm. I’m referring to the proliferation of fragmented, siloed security systems. “Managing all of that telemetry, bringing it together, prioritizing the alerts and remediating them, well, that’s where things break in the real world,” observes Willy Leichter, CMO of AppSOC.

Roger that. Just ask CrowdStrike. After strolling the exhibits floor at Black Hat USA 2024 and speaking with the solution providers, I jotted down two categories of cybersecurity advancements: ‘coding level’ and ‘operational level.’ Highlights of what I learned:

Coding level

The continual monitoring and hardening of business software as it is being rapidly developed, tested and deployed in the field has become a foundational best practice. When it comes to the broad category of Application Security (AppSec), there’s a lot going on.

AppSec technology security-hardens software at the coding level. Then there’s the sub-category of application security posture management (ASPM). ASPM toolsets came along in 2020 or so to help organizations get more organized about monitoring and updating code security as part of meeting data privacy and security regulations.

Big name tech vendors like Palo Alto Networks, Cisco, IBM and even CrowdStrike have since integrated ASPM services in their platform offerings. And alongside them there is a thriving cottage industry of independent ASPM solution providers. I spoke at length with three of them: AppSOC, Cycode and OX Security.

San Jose, Calif.-based AppSOC launched in 2021 to aggregate, consolidate and prioritize security data from various toolsets used in the software development lifecycle (SDLC). AppSOC leverages AI to reduce the noise from multiple data sources and intelligently prioritizes vulnerabilities based on exploitability and business impact, Leichter told me.

Meanwhile, Tel Aviv, Israel-based Cycode started in 2019 to deliver a secrets detection service; it subsequently evolved into supplying advanced ASPM technology, says regional sales manager Kyle Vanderzanden. Cycode uses dedicated, in-house scanners to vet code within the hectic flow of the software development and deployment processes so as to not slow down innovation, he says.

I also hosted a LW Fireside Chat podcast with OX Security CEO Neatsun Ziv. We did a deep dive on the evolution of ASPM solutions over the past four years and we discussed so-called Active ASPM; give a listen once the podcast goes live, which is on track to happen as LW’s Top Story tomorrow (Aug. 11).

I’d also put San Francisco-based Traceable and Cambridge, Mass.-based ReversingLabs in the bucket of coding-level solution providers at the leading edge. In my LW Fireside Chat with Traceable’s Amod Gupta, which you can listen to here, we dissect the reasons why API Security is so effective at mitigating online fraud; we also spoke about the emerging need to help enterprises secure their GenAI deployments.

And stay tuned for my upcoming LW Fireside Chat with ReversingLabs Chief Trust Officer Saša Zdjelar, in which he describes ReversingLabs’ unique approach to deeply vetting new code in a way that greatly enhances Software Bill of Materials (SBOMs).

Operational level

It’s not enough, of course, to do security well at just the coding level. Multiple layers of proactive protection are required to achieve resiliency in a massively complex, highly dynamic operating environment.

This includes hardware security. I spoke to Brett Hansen, CMO of Cigent Technology, and John Gunn, CEO of Token, about discrete security devices at the hardware layer: for remote data storage and privileged access, respectively.

Based in Naples, Fla., Cigent provides security-enhanced SSDs and microSDs. Its solution includes hardware encryption, software-based multi-factor authentication, and AI-driven anomaly detection within the storage itself, Hansen noted.

New York, NY-based Token is on the verge of introducing a very unique wearable – a smart security ring activated by a fingerprint sensor and hardened to make it hackproof. For starters the ring is aimed at system administrators and senior executives, but could eventually go mainstream. For a full drill down, give a listen to my LW Fireside Chat podcast discussion with Gunn.

Yet another layer – easily the most porous one — is the user layer. And by far the two most ubiquitous user interfaces are web browsers and mobile devices.

Island’s Uy Huynh and I discussed how enterprise browsers are gaining traction because of advanced methods to both enhance security and improve efficiency. And I visited with AppDome CEO Tom Tovar to discuss the somewhat surprising, to me at least, results of a global consumer survey highlighting smartphone users’ readiness to abandon brands associated with poorly secured mobile apps.


I also heard from San Francisco-based Horizon3.ai, which announced a strategic partnership with Tech Mahindra, a major India-based multinational tech services company.

Horizon3 will integrate its NodeZero™ platform, which delivers AI-powered pentesting and other services, with Tech Mahindra’s comprehensive suite of cybersecurity services.

And I learned all about Washington D.C.-based Black Girls Hack and London-based Security Blue Team. These organizations are taking a fresh approach to filling a big unmet need. Give a listen to my conversation with BGH founder Tennisha Martin about the support services they offer to anyone looking to enter or move over to a cybersecurity career. And I also spoke with Melissa Boyle, marketing manager at Security Blue Team, about the array of free and paid cybersecurity skills training services.

Those are my big takeaways from Black Hat USA 2024. Much percolating. As always, I’ll keep watch and keep reporting.


The post MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency first appeared on The Last Watchdog.

LAS VEGAS — As Black Hat USA 2024 plays out here this week, the disruptive impact of GenAI/LLM at many different levels will be in the spotlight.

Related: GenAI introduces fresh risks

We’re in early days. The productivity gains are ramping up – but so are the exposures.

I had the chance to visit with Amod Gupta, head of product at Traceable; we discussed how GenAI/LLM is reverberating at the API level, where hyper-interconnectivity continues to intensify. For a full drill down, please give the accompanying podcast a listen.

Companies in all industries are racing to deploy GenAI/LLM chatbot assistants to improve efficiencies and boost revenue. This includes cybersecurity solution providers jumping on the bandwagon to enhance their tools and services.

At this moment, there’s a huge challenge securing the data transmitted via application programming interfaces (APIs) to and from all the novel chatbot assistants, Gupta told me. It’s only a matter of time, he says, before threat actors discover fresh ways to siphon off sensitive data.

Beyond that, other types of threats pivoting off APIs, such as prompt injection attacks, seem certain to escalate. Traceable is keeping close tabs via the installed base of its advanced API security platform. Meanwhile, it, too, is examining ways to leverage GenAI/LLM to reinforce security.

For instance, Gupta described a scenario where a security team member might use a GenAI/LLM assistant to run customized analyses of a unique vulnerability disclosure or perhaps a suspicious pattern of API activity. “Instead of spending hours sifting through data, an analyst or even a technician could ask our GenAI assistant to perform the heavy lifting,” he says.

How quickly might GenAI/LLM arise as a de facto force-multiplier across cybersecurity? I’ll keep watch and keep reporting.


The post Black Hat Fireside Chat: The role of API Security in mitigating online fraud, emerging GenAI risks first appeared on The Last Watchdog.