Category: Podcasts

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Related: The Golden Age of cyber espionage

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Related: The Golden Age of cyber espionage

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe.

Related: Fallout of T-Mobile hack

Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi, CEO of Verimatrix, a cybersecurity company headquartered in southern France. We discussed how the Dark Web teems with hackers offering targeted mobile app attacks on major companies.

Many corporations outsource their mobile app development, and these apps often exhibit poor security practices, making them easy targets for cybercriminals, he says.

Verimatrix is coming at this problem with a fresh approach that has proven its efficacy in Hollywood where the company has long helped lock down content such as premium movies and live streamed sporting events.

Guest expert: Asaf Ashkenazi, CEO, Verimatrix

Its technology revolves around application-level protection and monitoring, which allows Verimatrix to collect data on app behavior without invading user privacy.

Coding embedded in the app provide a granular level of insight into what’s happening — when the app is actually running — and a degree of control that’s simply not doable with legacy mobile app security solutions, he told me.

For a full drill down, please give the accompanying podcast a close listen. Ashkenazi argues that we need better security solutions in general to mitigate the AI-generated threats running on our most cherished devices.

He observes that threat actors already use generative AI tools like  ChatGPT, Google Bard and Microsoft Edge to innovate malware; to keep pace, companies are going to have to get much better at not just identifying, but predicting attacks, especially on mobile apps. Agreed. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense?

Related: Security sea-change wrought by ‘CMMC’

This would fit nicely with the ‘stronger together’ theme heralded at RSA Conference 2023.

WithSecure is one cybersecurity vendor that is certainly on this path. I had a lively conversation at Moscone Center with CEO Juhani Hintikka and CTO Tim Orchard all about something they’re championing as “outcome-based security.” In sum, this refers to the notion of correlating the mix of security tools and services a company has at hand much more directly with precisely defined business targets.

“We actually need to integrate cybersecurity with the business goals of the enterprise,” Hintikka observes.

WithSecure isn’t a startup; it’s the rebranding of Helsinki-based F-Secure, which has been around since 1988 and is well-established as a leading supplier of endpoint security and threat intelligence.

Guest experts: Tim Orchard, CTO, and Juhani Hintikka, CEO, WithSecure

Hintikka and Orchard argue for a more collaborative style of security services; for a drill down on our conversation please give the accompanying podcast a close listen.

The efficacy of this approach, they told me, is proving out in the success WithSecure is having with its customers, especially mid-sized companies. “In Germany, which is famous for mid-market companies, we seamlessly integrate our MDR service on top of our customers’ legacy systems, working alongside their teams,” Hintikka told me. “It’s truly a joint effort.”

The maturation of managed security services continues. There should be plenty more to come. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks.

Related: The role of legacy security tools

Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps.

At RSA Conference 2023, I had the chance to meet with Paul Nicholson, senior director of product marketing and analyst relations at A10 Networks. A10 has a birds eye view of the flow of maliciousness directed at web and mobile apps — via deployments of its Thunder Application Delivery Controller (ADC.)

We discussed why filtering web and mobile app traffic remains as critical as ever, even as cloud migration intensifies; for a full drill down, please give the accompanying podcast a listen.

Companies today face a huge challenge, Nicholson says. They must make ongoing assessments about IT infrastructure increasingly spread far and wide across on-premises and public cloud computing resources.

Guest expert: Paul Nicholson, senior director, product marketing & analyst relations, A10 Networks

The logical place to check first for incoming known-bad traffic remains at the gateways where application traffic arrives.

At RSAC 2023, A10 announced the addition of a next-generation web application firewall (NGWAF,) powered by Fastly, to its core Thunder ADC service. This upgrade, he told me, is expressly aimed at helping companies optimize secure performance of their hybrid cloud environments.

This is another encouraging example of stronger together advancement. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we co

 

Email remains by far the no.1 business communications tool. Meanwhile, weaponized email continues to pose a clear and present threat to all businesses.

Related: The need for timely training

At RSA Conference 2023, I learned all about a new category of email security — referred to as integrated cloud email security (ICES) – that is helping companies more effectively keep email threats in check.

I met with Eyal Benishti, CEO of IRONSCALES, a supplier of ICES tools and cybersecurity training services. For a full drill down on our conversation, please give the accompanying podcast a close listen.

Phishing is still the main way bad actors slip into networks; and Business Email Compromise (BEC) attacks can instantly translate into crippling losses.

Guest expert: Eyal Benishti, CEO, Ironscales

Successful attacks slip past legacy security email gateways (SEGs) and even past the newer ‘cloud-native security’ controls that Microsoft and Google have embedded Microsoft 365 and Google Workspace. These filters look for known bad attachments and links.

ICES solutions vet the messages that slip through. IRONSCALES, for instance, applies natural language processing technology to identify patterns and flush out anything suspicious. And its complementary security awareness training modules encourage employees to participate in isolating anything suspicious that leaks into their inboxes.

“The security gateways and cloud-native security controls look at content but that’s not enough,” Benishti observes. “You also need to look at context; both perspectives are needed.”

It’s clear that layers of protection, along with better-trained employees, have become table stakes. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Software composition analysis — SCA – is a layer of the security stack that, more so than ever, plays a prominent role in protecting modern business networks.

Related: All you should know about open-source exposures

This is especially true as software developers increasingly rely on generic open source and commercial components to innovate in hyperkinetic DevOps and CI/CD mode.

Open source coding has come to dominate business software applications; rising to comprise 75 percent of audited code bases and putting open source on a trajectory to become a $50 billion subsector of technology by 2026.

As RSA Conference 2023 gets underway today at San Francisco’s Moscone Center, advanced ways to secure open source components is getting a good deal of attention. The infamous SolarWinds breach put a spotlight on the risk of malicious open-source components, and the White House has put its weight behind software supply chain best practices.

Guest expert: Rami Sass, CEO, Mend

I had the chance to visit with Rami Sass, CEO of Mend, a Tel Aviv-based supplier of automated remediation technologies designed to help keep open source components as secure as possible. For a full drill down on our conversation please give the accompanying podcast a listen.

Sass filled me in about a trend that started about two and a half years ago; he noted that bad actors have turned their full attention to seeking out and exploiting fresh vulnerabilities in fully updated open-source components in live service.

Mend and other SCA solution vendors are stepping up their game to counter this trend. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely.

Related: CMMC mandates best security practices

Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

At RSA Conference 2023 , which gets underway next week at San Francisco’s Moscone Center, I expect that there’ll be buzz aplenty about the much larger role MSSPs seem destined to play.

I had the chance to visit with Geoff Haydon, CEO of Ontinue, a Zurich-based supplier of a managed extended detection and response (MXDR) service. We discussed the drivers supporting the burgeoning MSSP market, as well as where innovation could take this trend.

Guest expert: Geoff Haydon, CEO, Ontinue

For its part, Ontinue is leveraging Microsoft collaboration and security tools and making dedicated cyber advisors available to partner with its clients. “Microsoft has emerged as the largest, most important cybersecurity company on the planet,” Haydon told me. “And they’re also developing business applications that are very conducive to delivering and enriching a cyber security program.”e

I covered Microsoft as a USA TODAY technology reporter when Bill Gates suddenly ‘got’ cybersecurity, so this part of our discussion was especially fascinating. For a drill down, please give the accompanying podcast a listen. Meanwhile, I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks.

Related: Ukraine hit by amplified DDoS

This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

That said, there are also many opportunities for companies to glean and leverage helpful intel from the Dark Web. As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced ways to gather and infuse cyber threat intelligence, or CTI, into fast-evolving network defenses is in the spotlight.

I had the chance to visit with Jason Passwaters, CEO of Intel 471, a US-based supplier of cyber threat intelligence solutions.

Guest expert: Jason Passwaters, CEO, Intel 471

We discussed how the cyber underground has shifted from being perceived as deep and dark to a well-organized world with defined business models, supply chains, and relatively low barrier of entry.

“As the cyber underground becomes more sophisticated, the level of threat increases exponentially for legitimate businesses and nation-states,” Passwaters told me. “The underground is now the domain of organized cybercriminals with clear hierarchies and targeted revenue goals.”

Intel 471 directs comprehensive threat intelligence at identifying, prioritizing and preventing cyber attacks. For a full drill down, please give the accompanying podcast a listen. Good intel in warfare can’t be overstated. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge.

Related: The fallacy of ‘security-as-a-cost-center’

Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

As RSA Conference 2023 gets underway next week at San Francisco’s Moscone Center, advanced application security and API security tools and practices are grabbing a lot of attention.

I had the chance to visit with Scott Gerlach, chief security officer and co-founder of StackHawk, a Denver-based software company launched in 2019 to join the phalanx of vendors innovating like crazy to dial-in meaningful code checks, in just the right measure, at just the right moment.

Guest expert: Scott Gerlach, CSO, StackHawk

We had a great conversation about how the venerable “shift left” security philosophy is being refined so that it better aligns with the way software gets developed today – at light speed. This has led to security vendors, StackHawk among them, putting great energy into weaving security more tightly into DevOps, CICD and more.

“Shift left still applies because you do want to get security processes into the left side where you design, develop, test and deploy,” Gerlach told me. “But it’s really about how can we get security information closer to the people who are writing code, changing code and fixing code.”

In short, “shift everywhere” is the new “shift left.” For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)