When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service.

Related: The big lesson from Log4J

“It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

That ordeal proved to be a catalyst for McQuade, a renowned ethical hacker and creator of popular open-source security tools, to launch NightVision and succeed where static application security testing (SAST) and dynamic application security testing (DAST) have failed.

The focus is on providing a software testing solution that does not impede innovation, provides clear guidance to developers and identifies software vulnerabilities long before public release. Last week, NightVision announced the commercial availability of its first application security testing solution.

I visited with McQuade, who’s now NightVision’s CTO, and George Prince, CEO, at RSAC 2024 a couple weeks prior to their launch. For a full drill down, please give the accompanying podcast a listen.

NightVision recently announced $5.4 million seed backing of its hybrid approach to enable software developers to detect vulnerabilities quickly and accurately, tracing them back to the source code for immediate action. This capability is crucial as businesses increasingly rely on APIs, the vast majority of which remain undocumented and vulnerable to attacks, Prince observes.

“We’re solving a fundamental problem at its root,” Prince says. “Our tools make it possible to perform security scans in seconds, not hours, and offer actionable insights that help developers fix issues before they reach production. This not only saves time but also significantly reduces the risk of security breaches.”


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

The post RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation first appeared on The Last Watchdog.

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users.

Related: How weak service accounts factored into SolarWinds hack

By comparison, almost nothing has been done to strengthen service accounts – the user IDs and passwords set up to authenticate all the backend, machine-to-machine connections of our digital world.

Service accounts have multiplied exponentially in recent years and become a prime target of threat actors, since little has been done to beef up protection.

A just-out-of-stealth start-up, Anetac, has secured $16 million in funding to address this gaping blind spot. At RSAC 2024, I sat down with Baber Amin, Head of Product at Anetac, and Diana Nicholas, co-founder of Anetac, to learn more.

Identity vulnerability is a dynamic problem, and Anetac’s platform dynamically provides real-time streaming visibility and monitoring of human and non-human accounts, service accounts, APIs, tokens and access keys. This approach contrasts with static scanning tools that have come along from the big name IAM solution providers, like Okta and CyberArk, Amin and Nicholas told me.

The idea for Anetac derived from asking companies about their pain points. “We spoke to major banks, insurance companies, and even small businesses,” Nicholas says. “The overwhelming response was that service account management is one of the biggest problems they face.”

Anetac’s platform can identify dormant accounts, map out weak protocol usage and even stop identity attacks in progress, Amin noted. For a full drill down on how Anetac aims to raise the bar, please give the accompanying podcast a listen. I’ll keep watch and keep reporting.


The post RSAC Fireside Chat: Start-up Anetac rolls out a solution to rising ‘service accounts’ exposures first appeared on The Last Watchdog.

The capacity to withstand network breaches, and minimize damage, is a key characteristic of digital resiliency.

Related: Selecting a Protective DNS

One smart way to do this is by keeping an eagle eye out for rogue command and control (C2) server communications. Inevitably, compromised devices will try to connect with a C2 server for instructions. And this beaconing must intersect with the Domain Name System (DNS).
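The beaconing described above leaves a fingerprint that a defender can hunt for in resolver logs: a compromised host polls its C2 server on a timer, so its DNS lookups for that name arrive at nearly regular intervals, while human-driven lookups do not. The following is an added example, not HYAS code or anything from the original post; it parses a few constructed resolver log lines and flags (client, domain) pairs whose query gaps have a low coefficient of variation. The log format, the thresholds and the sample hostnames are all assumptions made for the demonstration.

```python
"""
Added example (not HYAS code): flag beacon-like DNS lookups in a resolver log.
A compromised host typically polls its C2 server on a fixed timer, so the DNS
queries it generates show low-variance intervals. Every log line below is
constructed sample data; the "<timestamp> <client_ip> <qname>" format is assumed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample resolver log. 10.0.0.7 queries the same name roughly
# every 60 seconds (beacon-like); 10.0.0.5 looks like ordinary browsing.
SAMPLE_LOG = """\
2024-05-06T10:00:00 10.0.0.5 updates.example-corp.test
2024-05-06T10:00:03 10.0.0.5 cdn.example-corp.test
2024-05-06T10:00:07 10.0.0.7 a1b2c3.beacon-sample.test
2024-05-06T10:01:07 10.0.0.7 a1b2c3.beacon-sample.test
2024-05-06T10:02:08 10.0.0.7 a1b2c3.beacon-sample.test
2024-05-06T10:03:07 10.0.0.7 a1b2c3.beacon-sample.test
2024-05-06T10:04:08 10.0.0.7 a1b2c3.beacon-sample.test
2024-05-06T10:04:30 10.0.0.5 updates.example-corp.test
2024-05-06T10:09:12 10.0.0.5 updates.example-corp.test
2024-05-06T10:15:40 10.0.0.5 updates.example-corp.test
2024-05-06T10:33:02 10.0.0.5 updates.example-corp.test
"""


def parse_log(text):
    """Parse log lines into (timestamp, client, qname) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise the name so trailing dots and case do not split one series in two.
        records.append((ts, parts[1], parts[2].lower().rstrip(".")))
    return records


def find_beacons(records, min_queries=4, max_cv=0.25):
    """
    Return {(client, qname): (mean_gap_seconds, cv)} for series that look periodic.

    cv is pstdev(gaps) / mean(gaps): a tight timer gives a small cv, whereas
    human-driven lookups produce widely varying gaps. Thresholds are assumptions;
    tune them against your own baseline and expect legitimate pollers (update
    checks, monitoring agents) to need an allow-list.
    """
    series = defaultdict(list)
    for ts, client, qname in records:
        series[(client, qname)].append(ts)

    flagged = {}
    for key, times in series.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[key] = (avg, cv)
    return flagged


if __name__ == "__main__":
    hits = find_beacons(parse_log(SAMPLE_LOG))
    for (client, qname), (avg, cv) in hits.items():
        print(f"{client} -> {qname}: every ~{avg:.0f}s (cv={cv:.2f})")
```

Run on the sample, only the 10.0.0.7 series is reported; the 10.0.0.5 lookups have gaps ranging from minutes to half an hour and fall well outside the threshold. In a real deployment the same test would run over a rolling window, and the flagged name would then be checked against threat intelligence such as the infrastructure data the post describes.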

At RSAC 2024, I had an evocative discussion with David Ratner, CEO of HYAS, about advances being made in DNS security. For a full drill down, please give the accompanying podcast a listen.

HYAS gathers rich intelligence from multiple sources and then feeds it into a specialized graph database focused on a variety of infrastructure data including DNS traffic. This allows HYAS to isolate — and even predict — the formation of malicious infrastructure, before the attackers can fully weaponize the breached system.

“Our goal is to understand what’s going to be used as a command-and-control server in the future so that you can be blocking it now,” he told me.

DNS security and the overall Protective DNS space is rising in importance. The NSA’s Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems and subsequent CISA Shields Up initiative highlighted the necessity of such solutions. Additionally, cyber insurance carriers and the Department of Defense’s CMMC standard now recommend or require advanced protective DNS solutions.

Looking ahead, Ratner foresees protective DNS steadily advancing — to keep pace with C2 innovation sure to come from adversaries. As new attack patterns emerge, HYAS aims to adapt and expand its solutions to cut off all types of C2 communications, he says.


The post RSAC Fireside Chat: Rich threat intel, specialized graph database fuel HYAS’ Protective DNS first appeared on The Last Watchdog.

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure.

For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

For historical context, the U.S. military scattered radio signals and added noise to radio transmissions — to prevent the jamming of torpedo controls. Decades later, the telecom industry figured out how to spread WiFi, GPS, Bluetooth and 5G signals over a wide bandwidth and then also added pseudo-random codes — to prevent tampering.

Dispersive launched in 2021 to adapt these same concepts to protecting sensitive network transmissions in a highly dynamic environment. Here is what Plimplaskar told me:

“We’re leveraging spread spectrum concepts in terms of how conventional TCP/IP and UDP type of traffic is communicated between users and sites, cloud estates and sites and amongst each other. We take the information of value and split it across multiple streams. These streams travel across randomized pathways, across whatever infrastructure is available to them, and when they get to the destination, they are reassembled and reordered for consumption.”

Encryption gets applied across multiple planes and gets dynamically rotated, based on a predefined or policy-driven interval, he noted. The streams traverse a “situationally-aware” network that can “react in real time to a degraded network situation or even a cyber event.”

A step forward for resiliency. I’ll keep watch and keep reporting.


The post RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic first appeared on The Last Watchdog.

AppSec has never been more challenging.

By the same token, AppSec technology is advancing apace to help companies meet this challenge.

Related: AppSec market trajectory

At RSAC 2024, I sat down with Bruce Snell, cybersecurity strategist at Qwiet.ai, to hear a breakdown of how Qwiet has infused its preZero platform with graph-database capabilities to deliver SAST, SCA, container scanning and secrets detection in a single solution. For a full drill down, please give the accompanying podcast a listen.

We also had a lively sidebar about the lessons security vendors are learning as they race to integrate GenAI and LLM technology into their respective solutions. Like many vendors I spoke to in San Francisco, Qwiet has trial tested several general-purpose and security-specific LLM tools.

“Utilizing the right LLM is extremely important,” Snell observes. “We intentionally built our auto fix tool so that we can replace the LLM if we need to, because we didn’t want to get locked in and then a few months later find out that there’s another LLM that handles this more efficiently.

“It’s like the old days of antivirus where one vendor would say, ‘Well, we detect 97 percent,’ and another would say, ‘Oh, we detect 98 percent.’ GenAI and LLMs are definitely in the space right now, and we want to make sure that we future-proof whatever we put together. And the only way to do that is to be modular.”

The pace of change notches higher. I’ll keep watch and keep reporting.


The post RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise first appeared on The Last Watchdog.

There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders.

Related: Is your company moving too slow or too fast on GenAI?

One promising example of the latter comes from messaging security vendor IRONSCALES.

I had the chance to sit down with Eyal Benishti, IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce anti-phishing mitigation services.

Benishti explained how GAN can very effectively mitigate Deep Faked messages, images, audio and video using a specially-tuned LLM to stay a step ahead of threat actors, even those who themselves are utilizing GenAI/LLM tools to enhance their Deep Fakes.

Benishti told me about a remarkable GAN-powered phishing simulation test that took place recently with highly-trained bank employees. GAN sent out personalized phishing ruses – and deceived the employees who were previously impervious to template-based phishing tests.

One huge lesson gleaned is that the vendors who are integrating GenAI/LLM technology into their security tools have a huge advantage over threat actors: superior intelligence.

“We have access to public and non-public information, while the bad guys only have access to public information that anyone can get,” Benishti observes. “So we can really create something that is much more powerful than what they can create.”

When it comes to leveraging GenAI/LLM, it’s all about the prompting. For a full drill down, please give the accompanying podcast a listen.


The post RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes first appeared on The Last Watchdog.

The open-source Chromium project seeded by Google more than a decade ago has triggered something of a web browser renaissance.

Related: Browser attacks mount

Browsers based on Chromium include Google Chrome and Microsoft Edge, which dominate in corporate settings – as well as popular upstarts Brave, Opera and Vivaldi. Together these browsers have given rise to a vast ecosystem of extensions – one that happens to align perfectly with a highly distributed work force and global supply chain.

Naturally, the flip side of cool, new browser capabilities is yet another expansion of the network attack surface. And this, in turn, has resulted in a surge of innovation in web browser security.

At RSAC 2024, I visited with Vivek Ramachandran, founder of SquareX, a brand new start-up that’s in the thick of these developments. Google and Microsoft, he told me, are myopically focused on dealing with fresh coding vulnerabilities spinning out of Chrome and Edge and doing very little to stem live attacks.

Meanwhile, he argues, cloud-based security tools, namely secure web gateways (SWG) and security services edge (SSE) systems fall well short because of the wide open way extensions work in Chromium browsers.

SquareX uses a browser extension to granularly monitor user behavior and to detect and mitigate threats in real-time. Ramachandran described how a few months ago, SquareX rolled out a freemium version which attracted some 200,000 users. For a drill down on what they’re up to now, please give the accompanying podcast a listen.


The post RSAC Fireside Chat: SquareX introduces security-infused browser extension to stop threats in real time first appeared on The Last Watchdog.

Hardware-based cybersecurity solutions are needed to help defend company networks in a tumultuous operating environment.

Related: World’s largest bank hit by ransomware attack

While software solutions dominated RSA Conference 2024 and are essential for multi-layered defense of an expanding network attack surface, hardware security solutions can serve as a last line of defense against unauthorized access to sensitive data and tampering with systems.

I sat down with Flexxon co-founder and CEO Camellia Chan to learn more about the soft launch of Flexxon’s X-PHY® Server Defender module. This follows the success of their X-PHY® SSD endpoint security solution.

This security-tuned SSD provides real-time protection against malware, viruses, and physical tampering. Chan highlighted that early adopters of the X-PHY® SSD are from sectors that prioritize robust security measures, such as government, finance, and healthcare.

One notable use case Chan mentioned involves industrial PCs and healthcare kiosks. These endpoint devices benefit from the X-PHY® SSD’s autonomous protection capabilities, ensuring critical data is safeguarded without the need for regular updates done by humans. This is particularly valuable for legacy systems that require consistent and reliable security at the core.

Meanwhile, Flexxon’s new Server Defender module extends the company’s advanced security technology to backend servers. Chan explained how this standalone module offers full-stack monitoring and defense across all seven layers of the OSI model, while also enabling instant restoration through its patented Matrix Shield technology.

This multi-layered validation is crucial for detecting zero-day threats, Chan told me. For a drill down, please give the accompanying podcast a listen.


KINGSTON, Wash. — U.S. Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values.

Related: The power of everyman conversing with AI


That’s a tall order. My big takeaway from RSAC 2024 is this: the advanced technology and best practices know-how needed to accomplish the high ideals Secretary Blinken laid out are readily at hand.

I was among some 40,000 conference attendees who trekked to San Francisco’s Moscone Center to get a close look at a dazzling array of cybersecurity solutions representing the latest iterations of the hundreds of billions of dollars companies expended on cybersecurity technology over the past 20 years.

And now, over the next five years, hundreds of billions more will be poured into shedding the last vestiges of on-premises, reactive defenses and completing the journey to edge-focused, tightly integrated and highly adaptable cyber defenses directed at the cloud edge.

This paradigm shift is both daunting and essential; it must fully play out in order to adequately protect data and systems in a post-Covid-19, early-GenAI and imminent-quantum-computing operating environment.

Simultaneous paradigm shifts

In his keynote address, Secretary Blinken alluded to several tectonic shifts happening simultaneously. Post Covid-19, work forces and supply chains have become highly distributed. This has resulted in the intensifying of companies’ reliance on cloud services delivered via smartphones, web browsers and IoT devices. Innovation has blossomed, though, conversely, the network attack surface has expanded exponentially.

Add to this the wild card of GenAI/LLM. The democratization of machine learning and artificial intelligence – putting the ability to extract value from data into the hands of ordinary humans – has just started to revolutionize user experiences. And, of course, this has created new tiers of criminal hacking opportunities.

“Today’s revolutions in technology are at the heart of our competition with geopolitical rivals,” Blinken said. “They pose a real test to our security, and they also represent an engine of historic possibility for our economies, for our democracies, for our people, for our planet. Put another way security, stability, prosperity — they are no longer solely analog matters.”


Flying home from the conference, I reflected on an observation made by Cota Capital managing partner Aditya Singh who said this: “Rules-based security is over, context-based security is taking over.” Singh said this as he moderated a panel discussion featuring the founders of Simbian, Seraphic Security and Amplifier Security, three promising start-ups that are all about contextual defense.

See, categorize, control

It struck me that each of the security vendors I spoke with was caught up in the trend of prioritizing contextual security, as well. Each sought to dial in the optimum dose of protection without sacrificing an iota of innovation. In a hyper-interconnected operating environment this can only be achieved by accounting for context.

I then wrote down two column headings – contextual data protection and contextual security services — and proceeded to place each of the security vendors I spoke with in one or the other column.


If data is the new gold, then seeing, categorizing and controlling access to every speck of gold makes perfect sense. I had a wide-ranging discussion with Pranava Adduri, co-founder and CEO of Bedrock Security, about why quite the opposite has happened: many organizations have been amassing information indiscriminately, simply because they can. Bedrock is applying graph database know-how to helping companies get a handle on all of their data and make strategic decisions about governance and security policies.

At the end of the day, I’d classify all the innovation occurring in application security (AppSec) as being about this sort of contextual data management. This includes innovators in the DevSecOps tools space, like Qwiet.ai and NightVision, and I’d also put into this group leading API security innovators, like Traceable, Data Theorem and Salt Security.

I spoke, as well, with Isaac Roybal, CMO of Seclore, supplier of an advanced iteration of Enterprise Digital Rights Management (EDRM), which focuses on granular control of data access.


I’d even place hardware security innovators into the category of contextual data security tools. I had a great conversation with Camellia Chan, co-founder and CEO of Flexxon, which introduced its security-infused X-PHY server module at the conference; X-PHY protects data at the memory level, the last line of data defense.

Big security services role

The second grouping of vendors I met with at RSAC 2024 were more about a security services component. AT&T Cybersecurity made a splash announcing a recasting of its M4SP business under the name LevelBlue in partnership with WillJam Ventures. I also spoke with Open Systems and Ontinue, both offering their iterations of a managed security service tuned for the current operating environment.


I visited with DigiCert CEO Amit Sinha and we spoke about DigiCert’s expanding portfolio of services, which revolves around helping companies contextually manage their widening sprawl of PKI keys and digital certificates. My conversation with Ironscales co-founder and CEO Eyal Benishti followed a similar arc as he described how his company is delving into leveraging GenAI/LLM to help detect and deter email phishing attacks much more granularly.


And I sat down with senior execs from Lacework to find out about their cloud-security platform and with Exabeam, supplier of a security operations platform. Be sure to give a listen to LW’s RSAC Fireside Chat podcast with Exabeam CPO Steve Wilson to hear the fascinating origination tale of the OWASP Top Ten for Large Language Model Applications.

I also met with vendors in the vanguard of an all-new type of security service – enterprise browsers; advanced browser security features are now available embedded in company-issued browsers based on the open-source Chromium browser, i.e. Google Chrome and Microsoft Edge. Innovators like Island.io, SquareX and Seraphic Security are taking different angles to solutions in this fast-emerging space.

Finally, I spoke to four niche security service providers: HYAS, which combines advanced threat intelligence and DNS security services; Anetac, a start-up offering technology to help companies more effectively lock down their service accounts (the accounts used behind the scenes that grant access to things like customer databases, cloud storage lockers and shopping carts); Simbian, which supplies contextual workflows for security tasks ranging from complex investigations to compliance measures; and Amplifier Security, which helps human employees take “self-healing” security actions.

Every conversation I had at RSAC 2024 was fascinating and instructive; each vendor was immersed in developing advanced protections companies now need to stay viable in an environment of rapid change. Black and white rules are out. Flexible, nuanced security policies that can be automatically implemented, at scale, are in.

You’ll hear more details about the vendors I’ve mentioned above as our popular Last Watchdog RSAC Fireside Chat podcast series, which commenced last week, continues. A few new episodes will go live each week, now through mid-June.

The pace of change is breathtaking. I’ll keep watch and keep reporting.


SAN FRANCISCO – The already simmering MSSP global market just got hotter.

Related: The transformative power of GenAI/LLM

This week at RSA Conference 2024, AT&T announced the launch of LevelBlue – a top-tier managed security services business formed by an alliance with AT&T and WillJam Ventures.

I had the chance to sit down earlier with Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity/Agent at LevelBlue, to discuss this alliance. “Our job at LevelBlue is to manage and mitigate these risks while supporting our clients’ growth and innovation while acting as a strategic extension of your team,” Lanowitz told me.

For a full drill down, please give the accompanying podcast a listen.

LevelBlue today also released findings of the 2024 Futures Report: Beyond the Cyber Resilience – first-of-its-kind thought leadership research based on a global survey of 1,050 IT and security professionals – examining barriers to cyber resilience, barriers to cybersecurity resilience, the threat landscape, and business agility.

Notably, the research suggests that while companies do understand that new computing innovation increases risk dramatically, organizations are willing to accept the risk because of the benefits the innovation brings.

AT&T Cybersecurity has long catered to large and mid-market enterprises. Its 2018 acquisition of AlienVault reinforced its portfolio of endpoint detection and response, security operations center as a service (SOCaaS) and compliance management solutions.

WillJam Ventures is a Chicago-based private equity firm that specializes in cybersecurity investments. Founded in 2002 by Bob McCullen, its portfolio includes Viking Cloud, a supplier of PCI data security compliance solutions, and GoSecure, recognized for its Managed Extended Detection and Response (MXDR) services.

Clearly the top-tier MSSPs — Secureworks, IBM, Cisco, NTT, Verizon, Symantec, Trustwave, Infosys, to name just a few — are shifting to models that alleviate mounting compliance pressures and help companies mitigate cyber risk as the pace of change accelerates.

Now comes LevelBlue adding to this mix. I’ll keep watch and keep reporting.
