Category: RSA Podcasts

Business data today gets scattered far and wide across distributed infrastructure.

Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations.

At RSAC 2024, I visited with Pranava Adduri, co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

The start-up leverages serverless architectures to discover patterns in large datasets and then maps out data boundaries without having to examine every single data point.

This “commoditization” of data discovery, as Adduri puts it, slashes the cost of data discovery at scale. For instance, Amazon’s AWS Macie service charges around $1,000 per terabyte for data discovery, or $1 million per petabyte, Adduri told me.

By contrast, he says, Bedrock’s patented “adaptive sampling” technology can scan 16 petabytes of data for just $2,000. Their system then superimposes a dynamic heat map to categorize the data “neighborhoods” based on sensitivity at any given moment.

“We come at it from big data background,” Adduri says. “Step one is you have to keep track of all the stuff that’s happening; step two is you have to make sense of it; and step three is you have to constantly remediate.”

Bedrock secured a $10 million seed investment led by Greylock Partners and it has a growing portfolio of customers reporting strong results, Adduri says.

For a full a drill down please give the accompanying podcast a listen.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

The post RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery first appeared on The Last Watchdog.

It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users.

Related: LLM risk mitigation strategies

Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users.

LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb. It gives any literate human the ability to extract value from data.

Companies in all sectors are in a mad scramble to reap its benefits, even as cyber criminals feast on a new tier of exposures. As RSAC 2024 gets under way next week in San Francisco, the encouraging news is that the cybersecurity industry is racing to protect business networks, as well.

Case in point, the open-source community has coalesced to produce the OWASP Top Ten for Large Language Model Applications. Amazingly, just a little over a year ago this was a mere notion dreamt up by Exabeam CPO Steve Wilson.

“I spent some time on a weekend drawing up a scratch version of a Top Ten list, partly by having a discussion with ChatGPT about it,” Wilson told me. “The first thing I asked was, ‘Do you know what an OWASP Top Ten list is?’ And it said, ‘Yes.’  And I said, ‘Build me one for LLM.’  It did, but it wasn’t very good . . . I then spent a lot of time feeding it data about things and coaching it and cajoling it and having a discussion.”

By the end of an afternoon of prompting, Wilson had a list he thought was “pretty interesting,” which he socialized in his professional communities. That was a little over a year ago. What happened next is unprecedented. For a full drill down, please give the accompanying podcast a listen.

The pace of change is accelerating. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.

Back in 2002, when I was a reporter at USA Today, I had to reach for a keychain fob to retrieve a single-use passcode to connect remotely to the paper’s publishing system.

Related: A call to regulate facial recognition

This was an early example of multifactor authentication (MFA). Fast forward to today; much of the MFA concept is being reimagined by startup Circle Security to protect data circulating in cloud collaboration scenarios.

I learned about this at RSA Conference 2023 from company Co-founder and CEO Phani Nagarjuna, who explained how Circle extends the use of encryption keys fused to biometrics and decentralizes where copies of the keys are stored. For a full drill down, give the accompanying podcast a listen.

Guest expert: Phani Nagarjuna, CEO, Circle Security

According to Nagarjuna, Circle’s technology places a small agent on the endpoint device. This facilitates the creation of an asymmetric key pair and a symmetric AES256 key. Together these keys authenticate the user’s identity and enable secure and private access to cloud-stored data and resources.

Access to cloud-stored files can then be shared widely. But only authorized individuals, with proof of identity originating from their authenticated device, can open the files. All access attempts get audited using a built-in distributed ledger, allowing policy enforcement and quick remediation.

This iteration of my old-school keychain fob thus eliminates the need for usernames and passwords while much more robustly protecting sensitive data, Nagarjuna asserts. How much traction will it get? I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

A cloud migration backlash, of sorts, is playing out.

Related: Guidance for adding ZTNA to cloud platforms

Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures.

However, a “back-migration,” as Michiel De Lepper, global enablement manager, at London-based Runecast, puts it, is also ramping up. This is because certain workloads are proving to be too costly to run in the cloud — resource-intensive AI modeling being the prime example.

I had an evocative discussion about this with De Lepper and his colleague, Markus Strauss, Runecast product leader, at RSA Conference 2023. For a full drill down, please give the accompanying podcast a listen. The duo outlined how a nascent discipline — Cloud-Native Application Protection Platforms (CNAPP) – factors in.

Guest experts: Markus Strauss, Product Leader, and Michiel De Lepper, Global Enablement Manager, Runecast

CNAPP solutions focus on monitoring and enforcing security policies on workloads and in applications – during runtime. This is no small feat in an operating environment of co-mingled on-prem and cloud-hosted resources.

Runecast, for instance, takes a proactive approach to risk-based vulnerability management, configuration management, container security, compliance auditing, remediation and reporting.

This helps with compliance, at one level, but also continually improves detection of any soft spots and/or active attacks, while also paving the road to automated  remediation.

“It’s no longer about creating shields,” De Lepper told me, “Instead, we’re helping our customers plug all the gaps the bad guys can use.”

CNAPP solutions show promise for helping overcome the complexities of fragmented defenses; will they ultimately lead to more resilient business networks?  I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

The world of Identity and Access Management (IAM) is rapidly evolving.

Related: Stopping IAM threats

IAM began 25 years ago as a method to systematically grant human users access to company IT assets. Today, a “user” most often is a snippet of code seeking access at the cloud edge.

At the RSAC Conference 2023, I sat down with Venkat Raghavan, founder and CEO of start-up Stack Identity. As Raghavan explained, the rapid growth of data and subsequent application development in the cloud has led to a sprawling array of identities and access points. This, he warned, has created a new problem: shadow access.

Shadow access refers to ungoverned and unauthorized access that arises due to the speed and automation of cloud deployment.For a drill down, please give the accompanying podcast a listen.

Guest expert: Venkat Raghavan, CEO, Stack Identity

Stack Identity’s solution quickly onboards a customer’s cloud accounts, methodically identifies potential pathways to data and comprehensively assesses risk. Once all human and non-human access points are identified, automated remediation kicks in to eliminate shadow access.

Notably, this process happens at runtime, watching access in real-time, and looking at how access is utilized, Raghavan told me.

“We have seen that in live customer environments that over 50 percent of identities are over-permissioned and should have access permissions revoked,” he says.”This represents a substantial risk for companies.”

This risk is material; just ask Capital One or LastPass. Here’s another example of directing ML and automation at shrinking the attack surface. Stack Identity emerged from stealth just last month with $4 million in seed funding. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

The inadequacy of siloed security solutions is well-documented.

Related: Taking a security-first path

The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing.

At RSA Conference 2023 I visited with Elias Terman, CMO, and Sudarsan Kannan, Director of Product Management, from Uptycs, a Walthan, Mass.-based supplier of “unified CNAPP and EDR ” services.

They described how Uptycs is borrowing proven methodologies from Google, Akamai, SAP and Salesforce to harness normalized telemetry that enables Uptycs to correlate threat activity — wherever it is unfolding. Please give a listen to the accompanying podcast for a full drill down.

Guest experts: Elias Terman, CMO, Sudarsan Kannan, Director of Product Management, Uptycs

Kannan described how Uptycs technology platform was inspired by Google’s dynamic traffic monitoring, Akamai’s content distribution prowess and Salesforce’s varied use cases based on a single data model, to help companies materially upgrade their security posture. The aim, he says, is to think like attackers, who certainly don’t operate in silos.

Terman offered the analogy of a “golden thread” stitching together varied threat activities and serving as a cloud security early warning system. The entire value chain is thereby protected, Kannan added, from the developers writing the code to automated connections to critical cloud workloads.

Terman detailed how Uptycs’ platform, indeed, touches everything within the modern attack surface and, in doing so, breaks down legacy silos and facilitates  better security outcomes.

This is part and parcel of the helpful dialogue that will carry us forward. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps.

Related: Collateral damage of T-Mobile hack

Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Mobile apps work by hooking into dozens of different APIs, and each connection presents a vector for bad actors to get their hands on “API secrets,” i.e. backend data to encryption keys, digital certificates and user credentials that enable them to gain unauthorized control.

I learned this from Ted Miracco, CEO of Approov, in a discussion we had at RSA Conference 2023. For a full drill down, please give the accompanying podcast a listen.

Guest expert: Ted Miracco, CEO, Approov

He also explains how hackers are carrying out “man in the middle” attacks during a mobile app’s runtime in ways that enable them to manipulate the communication channel between the app and the backend API.

Hackers know just how vulnerable companies are at this moment. Approov recently did a deep dive study of 650 financial services mobile apps of financial institutions across Europe and the US. The results were startling: the researchers could access API secrets in 95 percent of the apps, including “high value” secrets” in 25 percent of them.

Until API security generally gains a lot more ground, and next gen solutions achieve critical mass, the risk level will remain high. So be careful out there. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Related: The Golden Age of cyber espionage

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts.

Related: The Golden Age of cyber espionage

Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Meanwhile, Russia has turned to weaponing ransomware in its attempt to conquer Ukraine, redoubling this threat. Now that RSA Conference 2023 has wrapped, these things seem clear: ransomware is here to stay; it is not, at this moment, being adequately mitigated; and a new approach is needed to slow, and effectively put a stop to, ransomware.

I had the chance to visit with Steve Hahn, EVP Americas, at Bullwall, which is in the vanguard of security vendors advancing ways to instantly contain threat actors who manage to slip inside an organization’s network.

Guest expert: Steve Hahn, EVP Americas, Bullwall

Bullwall has a bird’s eye view of Russia’s ongoing deployment of ransomware attacks against Ukraine, and its allies, especially the U.S.

Weaponized ransomware doubly benefits Russia: it’s lucrative, generating  billions in revenue and thus adding to Putin’s war chest; and at the same time it also weakens a wide breadth of infrastructure of Putin’s adversaries across Europe and North America.

Containment is a logical tactic that could make a big difference in stopping ransomware and other types of attacks. For a full drill down, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

 

 

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe.

Related: Fallout of T-Mobile hack

Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi, CEO of Verimatrix, a cybersecurity company headquartered in southern France. We discussed how the Dark Web teems with hackers offering targeted mobile app attacks on major companies.

Many corporations outsource their mobile app development, and these apps often exhibit poor security practices, making them easy targets for cybercriminals, he says.

Verimatrix is coming at this problem with a fresh approach that has proven its efficacy in Hollywood where the company has long helped lock down content such as premium movies and live streamed sporting events.

Guest expert: Asaf Ashkenazi, CEO, Verimatrix

Its technology revolves around application-level protection and monitoring, which allows Verimatrix to collect data on app behavior without invading user privacy.

Coding embedded in the app provide a granular level of insight into what’s happening — when the app is actually running — and a degree of control that’s simply not doable with legacy mobile app security solutions, he told me.

For a full drill down, please give the accompanying podcast a close listen. Ashkenazi argues that we need better security solutions in general to mitigate the AI-generated threats running on our most cherished devices.

He observes that threat actors already use generative AI tools like  ChatGPT, Google Bard and Microsoft Edge to innovate malware; to keep pace, companies are going to have to get much better at not just identifying, but predicting attacks, especially on mobile apps. Agreed. I’ll keep watch and keep reporting.

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)