On Wednesday, June 13, at 11 a.m. PST/2 p.m. EST/7 p.m. GMT, @eWEEKNews will host its 68th monthly #eWEEKChat. The topic will be, "What's Next for Cybersecurity?" It will be moderated by Chris Preimesberger, eWEEK's editor of features and analysis.
Some quick facts:
Topic: #eWEEKchat June 13: "What's Next for Cybersecurity?"
Date/time: June 13, 11 a.m. PST/2 p.m. EST/7 p.m. GMT
Tweetchat handle: Use #eWEEKChat to follow/participate, but it's easier and more efficient to use real-time chat room links.
Chat room real-time link: Use https://www.crowdchat.net/eweekchat. Sign in and use #eweekchat for the identifier.
Sponsor: Sophos, which provides security at every endpoint of a network, from laptops to web and email traffic.
What, in Fact, IS Next for Cybersecurity?
It's impossible to have too many good ideas in the cybersecurity business. Bad actors work full time on new ways to get around conventional infosec. The good guys make one move, the bad guys make a counter-move or two. Rinse and repeat. The beat goes on, and playing catch-up becomes very frustrating.
Cybersecurity now exhibits an impact at the level of geopolitics. Its digital tentacles reach into our personal lives, threatening privacy and our employers’ well-being. We all need to keep up with this industry, yet it's one of the most technical and ephemeral areas of IT.
However, hope is eternal. At the recent RSA 2018 conference in March, security experts and practitioners from all over the globe were witness to some new ideas and services that either are already in the market or are soon to become available.
Perhaps the most important trend emphasized at the conference was that of automating manual labor with orchestration technologies; this was on display at the recent RSA Security Innovation Sandbox. Threat detection inside the cloud and for the internet of things (IoT) was another.
The third major trend involves the many efforts to gain visibility into closed-off environments such as IoT devices and a variety of cloud environments.
Here are some examples of new-generation infosec that were presented by emerging companies at RSA 2018. We should chat about these ideas on June 13:
Detecting Threats on the Network vs. Installing on Endpoints
- Instead of forcing their way onto traditional endpoints, which are already full of installed third-party agents, these startups tap into the network. The first startup, Awake, records network traffic to collect threat intelligence and focus on what's important. Awake founder and CEO Michael Callahan sounded the alarm that attackers are now operating through legitimate software, such as Twitter for command and control and TeamViewer for remote access. Awake enables forensic queries into its data to detect patterns of suspicious behavior hiding within the norm.
- Acalvio falls under the category of deception technologies. These technologies set bait to lure hackers into hitting deployed sensors. When their threat detection goes off, these types of deception technologies exhibit few false positives. One judge pushed back that deception is already a crowded field. CEO and founder Ram Varadarajan retorted that its proprietary sensors differentiate Acalvio. These sensors appear as digital mirages of easily managed virtual machines.
- BluVector also does detection and response using network traffic. Unlike the others, BluVector provides visibility into the endpoints using agentless technology. A judge hinted that they believed BluVector did too much. CEO Kris Lovejoy noted that the company's self-adapting technologies emerged from 10-year-old Defense Advanced Research Projects Agency (DARPA) research, and that other engines were licensed from third parties. BluVector's probability engine not only provides users a Hunt Score but also integrates with existing threat-hunting tools and infrastructure.
Visibility into the Cloud to Detect and Respond
So much of enterprise computing is in the cloud. Gaining visibility into these environments for threat detection presents a challenge. The cloud often employs heterogeneous architectures, is encrypted, or is visible only as a black box reachable through the APIs of web giants such as Google or Amazon.
- ShieldX's detection and response targets multi-cloud architectures. It is able to discover and group cloud assets without installing agents. Founder and CEO Dr. Ratinder Paul Singh Ahuja described the company's Deep Packet Inspection (DPI) of network traffic. ShieldX wields technology to prevent "east-west" lateral movement of hackers across assets.
- StackRox CTO and Co-Founder Ali Golshan promotes technology that provides visibility at the app level. It sees into both cloud containers and native environments. StackRox employs scans for vulnerabilities and misconfigurations and then orchestrates enforcement and configuration.
New Take on the Internet of Things (IoT) Security
- IoT device manufacturers develop firmware in proprietary and minimalist environments. It's often quite difficult to deploy third-party security software inside these devices. For this reason, Refirm Labs bypasses the need to run inside IoT, and it requires zero access to a manufacturer's proprietary source code. Instead, Refirm Labs scans the manufacturer's firmware image before it is deployed into hardware. Its technologies detect new "zero-day" vulnerabilities, encryption keys and visible passwords.
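To make the firmware-scanning idea concrete, here is an added example of a pre-deployment check in the same spirit: it walks a firmware image as raw bytes and reports embedded private keys, password hashes and plaintext credential assignments, then decides whether the image should be blocked from deployment. This is illustrative code written for this article, not Refirm Labs' product or any vendor's scanner; the sample image, the pattern set and the function names are constructed assumptions.

```python
import re
from typing import Dict, List

# Constructed sample firmware blob (not a real vendor image): a few bytes of
# binary header, a PEM private key, a passwd-style line carrying a hash, two
# plaintext credential assignments and a harmless setting, separated by junk.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----\n"
    + b"\x00\x00\n"
    + b"admin:$1$abc$NotARealHash:0:0:root:/:/bin/sh\n"
    + b"wifi_password=hunter2\n"
    + b"\xff\xfe"
    + b"\nTELNET_PASS=\"letmein\"\n"
    + b"debug_level=3\n"
)

# Byte-level patterns, since a firmware image is mostly binary and cannot be
# decoded as text as a whole. Each finding kind carries a review severity.
PATTERNS: Dict[str, re.Pattern] = {
    # PEM-encoded private key of the common types.
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # passwd/shadow style "user:$id$salt$hash:" at the start of a line.
    "password_hash": re.compile(rb"^([A-Za-z_][A-Za-z0-9_-]*):(\$[0-9a-z]+\$[^:\n]+):", re.M),
    # "something_password=value" or "SECRET='value'" style assignments.
    "plaintext_credential": re.compile(
        rb"(?i)\b([A-Za-z0-9_]*(?:pass(?:word)?|pwd|secret|token)[A-Za-z0-9_]*)"
        rb"\s*=\s*[\"']?([^\s\"']{1,64})[\"']?"
    ),
}
SEVERITY = {"private_key": "high", "plaintext_credential": "high", "password_hash": "medium"}


def scan_firmware(image: bytes) -> List[Dict[str, object]]:
    """Return every match of PATTERNS in the image, ordered by byte offset."""
    findings: List[Dict[str, object]] = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(image):
            findings.append({
                "kind": kind,
                "severity": SEVERITY[kind],
                "offset": m.start(),
                # latin-1 never fails to decode, which keeps reporting robust on binary data.
                "evidence": m.group(0).decode("latin-1"),
            })
    findings.sort(key=lambda f: f["offset"])
    return findings


def summarize(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Count findings per kind, for a one-line report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


def should_block_deploy(findings: List[Dict[str, object]]) -> bool:
    """Deployment gate: any high-severity finding blocks the image."""
    return any(f["severity"] == "high" for f in findings)


if __name__ == "__main__":
    results = scan_firmware(SAMPLE_FIRMWARE)
    for f in results:
        print(f"{f['offset']:>6}  {f['severity']:<6}  {f['kind']:<20}  {f['evidence']!r}")
    print("summary:", summarize(results))
    print("block deploy:", should_block_deploy(results))
```

The pattern set is deliberately small and conservative; a production scanner would also unpack the filesystem inside the image and handle compressed sections, which this example does not attempt.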
Hackers Target People and Data, Security Should Start Here
- Malware and vulnerabilities used to dominate the security narrative. Now we're seeing a shift toward data-centric and people-centric security. CyberGRX CEO Fred Kneip said that 56 percent of reported breaches involve a third party. CyberGRX employs a rules engine to identify, prioritize and mitigate risk from third-party vendors.
- Hysolate introduced something called virtual air gapping: multiple VMs with seamless connectivity and user experience, all on a single endpoint. Users can operate carefree in their internet VM. As CEO and co-founder Tal Zamir explained, "in the Internet VM, you can do whatever you want. It has full internet access and local admin rights." When working on sensitive tasks, users switch to Hysolate's Sensitive VM. It's locked down and limits connections to circles of privileged assets only.
There Can Be Only One
- Runner-up Fortanix is a secure key and cryptographic service delivering runtime encryption. Fortanix CEO Ambuj Kumar explained that its technology protects data in use, even when the infrastructure has been compromised. Memory is a free-for-all, with hackers and forensic tools often scraping out passwords and private data. With Fortanix's runtime encryption, even data held in memory remains private.
- This year's winner and No. 1 innovator was BigID. Privacy matters enough to make billionaires blush; just ask Mark Zuckerberg. It's not surprising the winner's slogan said: “Our big idea is that privacy matters.”
Well-established companies continue to play major roles in infosec innovation. RSA, Sophos, Symantec, Trend Micro, Fortinet, FireEye, Proofpoint, Check Point, Palo Alto Networks, AVG, Imperva and CyberArk are among the largest 10 security providers in the world. They reached that status because of substantial prior success.
UK-based Sophos, for one, came out recently with something it calls Phish Threat. Phish Threat benefits from the Sophos Central platform, which is an effort to provide a consolidated view of security devices and controls across an organization. The core promise of the platform is that by testing users, lessons will be learned and behavior can improve over time.
The company has said that it doesn't expect that the click rate on phishing emails will ever go down to zero. That said, Sophos has seen positive results in the last year from the use of Phish Threat in reducing phishing rates among customers.
Sophos has been actively expanding its capabilities in recent years to help secure organizations. A couple of years ago, Sophos announced a capability called security heartbeat that helps enable a synchronized security approach. In 2016, Sophos launched its InterceptX next-generation endpoint security technology. InterceptX has exploit-prevention capabilities as well as root-cause analysis insight to show organizations how threats enter an organization.
In our June 13 #eWEEKchat, "What's Next for Cybersecurity?", we'll be addressing most of these approaches, and we'll be asking you for your ideas. We'll have several industry experts on the tweetline that day, including Dan Schiappa, Senior Vice-President of Products at Sophos and a former longtime RSA executive, and others who will be named later.
Join us Wednesday, June 13 at 11am Pacific / 2pm Eastern for this, the 68th monthly #eWEEKchat. Go here for CrowdChat information.
Included in this story is information previously reported in eWEEK by editor and infosec reporter Sean Michael Kerner and Paul Shomo, Senior Technical Manager of Third-Party Technologies at OpenText.