Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry.

Related: The security role of semiconductors

Cutting against the grain, Flexxon, a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

Flexxon recently introduced its X-PHY SSD drive which now comes embedded in certain laptop models from Lenovo, ASUS and HP. This innovation derives from security-hardened AI-powered memory and storage drives Flexxon supplies that go into medical equipment and industrial machinery.

I had the chance to get briefed about all of this by Flexxon’s founder and CEO Camellia Chan. For a full drill down give the accompanying podcast a listen.

Guest expert: Camellia Chan, CEO, Flexxon

Instead of struggling to account for innumerable attack paths, X-PHY guards just one path; it keeps an eagle eye on the read-write activities at the memory storage level, Chan told me.

It instantly recognizes — and blocks — any rogue read-write commands, such as those favored by ransomware purveyors and other malicious actors. The system operates in the background without the need for constant updates. It alerts users to anomalous activities and can shut down storage devices to safeguard data instantly, she says.

“Cyber security is actually missing intelligent, dynamic detection sitting at the physical layer,” Chan says. “X-PHY will act as a last line of defense against potential risk and help companies better safeguard their data.”

The transformation progresses. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life.

Sharing intel for a greater good

Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks.

I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd, a pioneer in the crowdsourced security market. Bugcrowd ushered in crowdsourced security with its launch in 2012, and today a covey of vendors have followed suit, each supplying intricate platforms to connect hackers with proven skillsets to companies that have particular needs.

“What we’ve got under the hood is effectively a dating website for people who are good at breaking into computers,” Ellis says.

Crowdsourced security vendors (others include Synack, HackerOne and Intigriti) make it seamless for companies to tap into a global network of software coders, and set them on the hunt for vulnerabilities.

Guest expert: Casey Ellis, CTO, Bugcrowd

This decentralized, diligently-managed approach meshes well with the overall shift to massively interconnected digital services.

For more on this, please do give the accompanying podcast a listen. Ellis and I discuss the evolution of pen testing, the current state of bug bounties and the rising influence of AI. For instance, some 85 percent of hackers responding to Bugcrowd’s Inside the Mind of a Hacker poll said they are already using generative AI in their workflows.

For its part, Bugcrowd has committed to helping companies shift to a risk-management approach to security, Ellis says. With AI speeding everything up, triaging risks makes a lot of sense. I’ll keep watch and keep reporting.


For a couple of decades now, the web browser has endured in workplace settings as the primary employee-to-Internet interface. It’s really just assumed to be a given that a browser built for consumers is an acceptable application for employees to use to work.

And despite advances, like sandboxing, browser isolation and secure gateways, the core architecture of web browsers has remained all too vulnerable to malicious attacks.

There was a lot of buzz at Black Hat USA 2023 about advanced “enterprise browsers.” I visited with Uy Huynh, vice president of solutions engineering at Island.io, to discuss this. For a full drill down please give the accompanying podcast a listen.

Built on the Chromium open source code, Island’s Enterprise Browser recognizes the identity and considers the role of each user—be it an employee, contractor, or HR personnel. This granular visibility aids in rapid onboarding while also bolstering security protocols, Huynh explained.

This can serve as a “last mile” checkpoint to curtail Shadow IT; in particular, the exploding popularity of generative AI.

Guest expert: Uy Huynh, VP of solutions engineering, Island.io

Island’s solution prevents sensitive data from slipping out from a web browser into services like ChatGPT, or through downloads, screen shots, printing or copy/paste.

“With generative AI, you could inadvertently be placing your intellectual property or other sensitive information into large language models that anyone can access,” Huynh warns.

Meanwhile, a specific alert can be communicated to the user, enhancing awareness training, and reinforcing compliance.

“In essence, what we’re trying to do is to offer enterprises granular control over their browser environment,” Huynh says.

Anything that can improve security while preserving a high-quality user experience has a place in networks, going forward. I’ll keep watch and keep reporting.


API security has arisen as a cornerstone of securing massively interconnected cloud applications.

At Black Hat USA 2023, I had a great discussion about API security with Data Theorem COO Doug Dooley and AppLovin CISO Jeremiah Kung. For a full drill down, please give the accompanying podcast a listen.

As a fast-rising mobile ad network going toe-to-toe with Google and Facebook, AppLovin has been acquiring advanced security tools and shaping new practices to manage its API exposures. Kung described for me how Data Theorem’s API Secure is proving to be a vital weapon in AppLovin’s security arsenal.

APIs have become the “lifeblood” of apps and thus a prime target for cyber criminals, Kung says. AppLovin has learned that it must mitigate API exposures from multiple angles, he told me.

Robust API security has become table stakes – for cloud-native companies like AppLovin as well as for legacy enterprises stepping up their cloud plays, Dooley argues.

Guest experts: Doug Dooley, COO, Data Theorem; Jeremiah Kung, CISO, AppLovin

“The moment you go cloud, the number of attack surfaces explodes and there’s really no way to stop it, because it’s like trying to stop innovation,” Dooley says. “As long as you let feature development happen with modern techniques of cloud services and third-party software suppliers, you’re going to have more APIs than you even realize you have embedded and exposed throughout your application stacks.”

Securing APIs is even more vital as generative AI takes center stage, giving attackers one more powerful tool to scale up their campaigns. Yes, AI is bolstering hacking techniques; but it can also strengthen defensive capabilities by security teams, programs, and products, Dooley observes.

The arms race is just warming up, folks. I’ll keep watch and keep reporting.


LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time.

Related: Going on the security offensive

Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Enter advanced pentesting. One of the hot topics at Black Hat USA 2023, which ramps up here this week in the desert heat, is how automation and machine learning are underpinning pentesting solutions deeply and continuously. This self-service, self-directed, continuous infrastructure pentesting approach allows organizations to discover their exploitable attack surfaces and reduce their risk.

I had the chance to visit with someone in the thick of this important shift: Snehal Antani, CEO of Horizon3.ai, a San Francisco-based supplier of “autonomous” vulnerability assessment technology. For a full drill down, please give the accompanying podcast a listen.

Guest expert: Snehal Antani, CEO, Horizon3.ai

Since its launch in 2020, Horizon3 has run more than 24,000 automated pentests — with a singular focus on building out advanced decision-making algorithms, Antani told me. This is all towards providing its customers with a granular, real-time view of their exploitable network vulnerabilities and equipping them to remediate more efficiently, he says.

Is what Horizon3 and other pentesting innovators are pursuing going to be enough to keep pace as the threat actors leverage generative AI to pump up their attacks? I’ll keep watch and keep reporting.


The rise of the remote workforce, post Covid-19, did nothing to make the already difficult task of doing Identity and Access Management (IAM) any easier for CISOs.

With Black Hat USA 2023 ramping up in Las Vegas next week, cybersecurity startup Trustle is championing a new product category—Identity Threat Detection & Response (ITDR)—which aims to enhance the capabilities of legacy IAM solutions.

Companies today are struggling to answer fundamental questions about their cloud environments, such as, who are my users and what can they access? How did they obtain this access? When they don’t need this access, do their identities still exist? Questions like these are a driving force behind the adoption of ITDR, which is becoming a crucial component in the realm of Cloud Infrastructure Entitlement Management (CIEM) and access management.

I had the chance to sit down with Trustle CEO Emiliano Berenbaum to learn just how ITDR can help companies much more efficiently manage user identities and access privileges, while also strengthening security, in an increasingly complex operating environment. For a drill down, please give the accompanying podcast a listen.

Guest expert: Emiliano Berenbaum, CEO, Trustle

For its part, Trustle is focused on taking a more advanced approach to needs-based access control. Trustle feels that if it’s easy for employees to obtain the access they need to do their job, it will be easy to give it up when they are done needing it. Alternatively, if it’s hard to get access because the process is complicated and slow, those employees are going to push back harder on giving up the access once they get it, even though they may no longer need it – posing access-at-risk to the organization.

“The big thing is managing entitlements across multiple SaaS applications,” Berenbaum told me. “Today, it’s more of a manual process and we’re trying to automate that more and more with machine learning.”

As we move deeper into massively interconnected services, more granular vetting of user identities and access privileges surely makes good sense. Will ITDR arise as a critical component of securing modern networks? I’ll keep watch and keep reporting.


Penetration testing – pen tests – traditionally has been something companies might do once or twice a year.

Related: Cyber espionage is on the rise

Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys — thereby affording the organization a chance to shore up its network defenses.

Pen testing has limitations, of course. The probes typically take considerable effort to coordinate and often can be more disruptive than planned.

These shortcomings have been exacerbated by digital transformation, which has vastly expanded the network attack surface.

Guest expert: Snehal Antani, CEO, Horizon3.ai

I had the chance at Black Hat 2022 to visit with Snehal Antani and Monti Knode, CEO and director of customer success, respectively, at Horizon3.ai, a San Francisco-based startup, which launched in 2020. Horizon3 supplies “autonomous” vulnerability assessment technology.

Co-founder Antani previously served as the first CTO for the U.S. Joint Special Operations Command (JSOC) and Knode was a commander in the U.S. Air Force 67th Cyberspace Operations Group. They argue that U.S. businesses need to take a wartime approach to cybersecurity. For a full drill down, please give the accompanying podcast a listen.

Horizon3’s flagship service, NodeZero, is designed to continuously assess an organization’s network attack surface to identify specific scenarios by which an attacker might combine stolen credentials with misconfigurations or software flaws to gain a foothold.

Will pen testing make a great leap forward? I’ll keep watch and keep reporting.


APIs have come to embody the yin and yang of our digital lives.

Related: Biden moves to protect water facilities

Without application programming interfaces, all the cool digital services we take for granted would not be possible.

But it’s also true that the way software developers and companies have deployed APIs has contributed greatly to the exponential expansion of the cyber-attack surface. APIs have emerged as a go-to tool used by threat actors in all phases of sophisticated, multi-stage network attacks.

Upon gaining a toehold on a targeted device or server, attackers now quickly turn their attention to locating and manipulating available APIs to hook deeply into company systems. APIs provide paths to move laterally, to implant malware and to steal data.

Guest expert: Sudeep Padiyar, founding member, Traceable.ai

The encouraging news is that API security technology has advanced quite a bit over the past five years or so.

I had the chance at Black Hat 2022 to visit with Sudeep Padiyar, founding member and director of product management, at Traceable, a San Francisco-based supplier of advanced API security systems. Traceable launched in 2018, the brainchild of tech entrepreneurs Jyoti Bansal and Sanjay Nagaraj; it provides deep-dive API management capabilities — as software is being developed and while it is being used in the field.

We discussed the Gordian-knot challenge security teams face getting a grip on the avalanche of APIs hooking into their organizations. For a full drill down, please give the accompanying podcast a listen.

The security-proofing of APIs is gaining traction, and that’s a very good thing. I’ll keep watch and keep reporting.


Short-handed cybersecurity teams face a daunting challenge.

Related: ‘ASM’ is cybersecurity’s new centerpiece

In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives.

In short, attack surface management has become the main tent pole of cybersecurity. A rock-solid, comprehensive battle plan has been painstakingly laid out, in the form of the NIST Cybersecurity Framework. And now advanced weaponry is arriving that leverages data analytics to tighten up systems and smother attacks.

Guest expert: Justin Fier, VP Tactical Risk and Response, Darktrace

One supplier in the thick of this development is Cambridge, UK-based Darktrace, a supplier of security systems designed to help companies “think like an attacker,” says Justin Fier, Darktrace vice-president of tactical risk and response, whom I had the chance to visit with at Black Hat 2022.

We discussed how legacy, on-premises cybersecurity systems generate massive amounts of telemetry – data which is perfectly suited for high-scale, automated data analytics. This is why it makes so much sense for artificial intelligence, generally, to be brought to bear in attack surface management.

Darktrace’s AI solutions, for instance, can help companies rein in API exposures, defuse shadow IT, protect their supply chain and even boost DevSecOps, Fier told me. For a full drill down on our conversation, please give the accompanying podcast a listen.

What’s going to happen as more of these advanced, AI-infused cybersecurity weapons get into the mix on the side of the good guys? I’ll keep watch and keep reporting.


The sunsetting of Virtual Private Networks is underway.

Related: VPNs as a DIY tool for consumers, small businesses

VPNs are on a fast track to becoming obsolete, at least when it comes to defending enterprise networks. VPNs are being replaced by zero trust network access, or ZTNA.

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it. This was an effective approach when on-premises data centers predominated.

By contrast, ZTNA never trusts and always verifies. A user gets continually vetted, per device and per software application — and behaviors get continually analyzed to sniff out suspicious patterns.

Guest expert: Rajiv Pimplaskar, CEO, Dispersive

This new approach is required — now that software-defined resources scattered across hybrid and public clouds have come to rule the day.

I had the chance at Black Hat 2022 to visit with Rajiv Pimplaskar, CEO at Dispersive, an Alpharetta, GA-based supplier of advanced cloud obfuscation technology. We discussed how ZTNA has emerged as a key component of new network security frameworks, such as secure access service edge (SASE) and security service edge (SSE).

We also spoke about how Dispersive is leveraging spread spectrum technology, which has its roots in World War II submarine warfare, to more effectively secure modern business networks. For a full drill down on our forward-looking discussion, please give the accompanying podcast a listen.

Can the deployment of WWII battlefield technology turn the tide against hordes of threat actors? I’ll keep watch and keep reporting.
