Posted on

Onapsis Identifies Risk From an Unbiased Perspective

Onapsis founder

Onapsis founderCybersecurity firms make a lot of claims, but the reality is that most enterprises are not as protected as they think. Mariano Nunez, founder and CEO of Onapsis, is tackling this problem from a different angle. He said that his firm is able to analyze a company’s security risks/vulnerabilities and provide an “unbiased perspective on what that risk means” for the enterprise.

“Maybe we know that because of your specific configuration or specific context, only 10 of [the vulnerabilities] are actually very critical and are the low-hanging fruit,” said Nunez. “We know that 100% security is impossible. From that perspective we help people prioritize and really only apply patches that they need to apply.”

Nunez shared these and other details with Richard Stiennon at the 2016 RSA Conference in San Francisco.

“We are really specialized and focused on business applications because they are very complex,” he said. “You’re talking about proprietary protocols, complex architectures that are dated or started in the ‘80s, as well as newer platforms like SAP HANA, which was released only a few years ago.”

Onapsis tries to simplify the process of understanding the threat model associated with these protocols.

“You really need to put a lot of effort in understanding how this is implemented and customized and deployed in real customer implementations,” Nunez added. “Anyone can look at a system in a lab and try to understand the threats to that system. What’s challenging – and where we have a lot of expertise – is understanding how these systems are run in a real life environment and what are the critical threats in those environments.”

In comparing the patch cycles for SAP and Oracle, Nunez said that he thinks that SAP is doing a better job.

“SAP is really improving in a lot of ways,” he said. “They’re improving the security patches, they’re [offering] more secure software out of the gate, and also releasing patches. But the main problem lies in people being able to digest those patches. The patch comes out, there is a known vulnerability that’s been exploited, and we have customers that we know are never going to apply the security patch. There is really a big window of exposure to both known and unknown vulnerabilities because of that. It’s mission-critical; sometimes people have fear of disruption and won’t apply the patch.”

Posted on

Vidder’s Junaid Islam Explains How its Software Defined Perimeter Prevents Malicious Attacks

Screen Shot 2016-04-27 at 9.24.42 AM
Hackers are no longer limited in what they can accomplish. The world has transformed from an in-office corporate structure to a flexible environment that allows individuals to work for companies that are thousands of miles away. This is great for enterprises and for employees, but it has opened the door to new vulnerabilities.

“This is really challenging the existing security model,” said Junaid Islam, founder and CTO of Vidder. “One of the downsides of this new business environment is more cyber attacks. It’s so easy for hackers to get to you because there are so many ways to do it. They could go right after an employee working at home, using a home PC. They could go after a contractor.”

Vidder wanted to create a new security architecture that addressed the problems brought on by the evolving business world.

“Traditionally, security really came in the form of boxes,” said Islam, who spoke to Richard Stiennon at the 2016 RSA Conference in San Francisco. “You used to buy a box that did some security function. That was great when all your computers were in a single place and you could use a box to protect them. But now your assets are everywhere. You might have, still, applications in your datacenter. But you might have something in a cloud, so we developed a security solution based on a new concept called a Software Defined Perimeter.”

Software Defined Perimeter (SDP) allows enterprises to protect their assets wherever they are: in a datacenter, in the cloud, etc.

“We allow you as a company to have a consistent level of security across all of your assets…by having a set of checks that are performed for everybody,” he said. “The key is we do it super fast. When you want to sign in as a user, the first thing we do is check your device and see if your device is known by us. If it’s known, then you go to the next step.”

Then Vidder asks the user to sign in to see if his or her credentials are correct.

“The next thing we do is figure out what you are supposed to do in the company,” Islam continued. “Are you an executive? Are you a contractor? And then the final step is we create access for you. We use the term ‘precision access.’ This very simple mechanism is actually quite powerful. Instead of hackers being able to pretend to be you and access everything, the worst-case scenario is the hacker can only see what you can see.”

As a result, Islam said that Vidder “really changes the threat landscape by many orders of magnitude.”

Posted on

CloudPassage Makes it Easy to Adopt Dynamic Computing

Amrit Williams

CloudPassage Amrit Williams

Few companies have the time to worry about things outside their core businesses. This presents a distinct challenge whenever new technologies are introduced, especially as they relate to security and the rising threat of malicious actors. CloudPassage, an agile security platform for data centers, private clouds and public clouds, strives to eliminate that hassle.

“We can demo very quickly,” said Amrit Williams, CTO of CloudPassage. “It’s very easy for us to deploy. We can have somebody up and running in the afternoon and they could get a sense of how the system is looking.”

CloudPassage seeks customers that have some type of cloud initiative in place, whether it’s a shift to the public cloud or previous experience in private cloud environments.

“Most organizations are trying to understand how they can adopt this dynamic compute in one form or another,” said Williams, interviewed by Richard Stiennon in the above video. “Most companies have some type of initiative that they can get involved in, so we can show them the level of visibility and control that we can give them as they adopt the cloud.”

Enterprises are Taking Notice

CloudPassage’s Halo product (which provides protection and compliance for critical business assets) has been battle-tested by a number of leading enterprises, including eBay, Salesforce, Adobe and Capital One. They’re not the only firms that have taken notice.

“I was quite surprised when I looked back at the new customers over the past year,” said Williams. “It was very much spread across every industry. We were seeing folks in healthcare, insurance and financial services.”

Those firms were really dedicated to investing in a secure and better-protected cloud environment.

Cloud Infrastructure vs. Public Cloud

Williams said that he thinks there is a difference between the cloud infrastructure itself and the public cloud that providers protect, along with the workloads that could be compromised.

“They all have a shared responsibility model, where security is a shared responsibility between the organization adopting the cloud and public cloud providers,” Williams explained. “It’s not that you’re seeing big breaches of Amazon or Google. What you do see is people that are able to exploit companies that do take advantage of the cloud if they’re not securing their own environments properly.”

One company had to completely shut down because its keys were compromised.

“They had to put out a note within a couple days of this happening, saying, ‘We can’t recover from this,’” said Williams, who has worked hard to ensure that doesn’t happen to other firms. “Since our founding in 2010, CloudPassage has been focused on purpose building a security platform to address dynamic compute environments. It auto-scales, it can be delivered on-demand and it can work with micro services and architectures.”

Posted on

vArmour’s Mark Weatherford is Helping Enterprises Secure Their Cloud Environment

ScrevArmour interview Mark Weatherford

Mark Weatherford, former Deputy Under Secretary for Cybersecurity at DHS,  believes the world is ready for superior cloud security. He serves as the SVP and chief cybersecurity strategist of vArmour, a data center and cloud security company. He came to the firm with years of experience, including his former roles as chief information security officer for both California and Colorado.

“Our expertise is really around helping organizations understand how they can micro-segment and use the advanced analytics that we provide to help them see, stop and secure bad things in their environment,” said Weatherford, who shared his ideas with Richard Stiennon at the 2016 RSA Conference in San Francisco. “Fundamentally, if we can get our arms around that with a company, it’s very easy to have the next level of conversations, which is, ‘How do we come into an environment and how do we take the vArmour technology and distribute it?’”

There are a lot of technical pieces in place, but Weatherford said it is “very simple to do.”

“And that’s one of the things our product team [and] our CEO have been very laser-focused on,” he added. “We’ve got to make this easy for companies to do it.”

Predicting the Cloud

Few could have imagined that cloud services would become so important, but Weatherford predicted their success long before most others caught on.

“In 2009 when I was the CISO for the State of California, I gave a speech where I said, ‘This cloud thing is going to be big. We as a security community need to be paying attention to this.’ I was actually chastised by some of my CISO colleagues after the fact, who basically said, ‘Over my dead body am I going to put my data into the cloud!’”

In the end, the naysayers were proven wrong.

“I think taking this philosophy to the CISO now and saying, ‘Listen, there’s a lot of technologies out there that are available to you in your security toolkit, but this cloud thing is new. It’s a very risky proposition to think that you’re going to depend on your firewall to be your protection.”

The Importance of Trust

If there’s one thing that matters most to Weatherford, it’s trust.

“I’ve heard 1,000 vendor pitches,” he said. “I know exactly what I hate and I know what I love. I want a couple things, and probably most importantly, I want to be able to trust you. If you ever lie to me, it’ll be the last time. But being somebody who’s empathetic to my challenges as a CISO, and being there for me as a long-term partner. If you’re just there to sell me a product and walk out the door, I’m not interested in that. Every CISO I know has 1,000 things on his list. When you get an hour of my time as a vendor, treat it like the valuable, important thing that it is.”

Posted on

Why Versasec Took a Different Approach to Smart Card Development

Versasec interview

Joakim Thoren has been in the smart card business from the start of his career. As the CEO of Versasec (an identity and access management provider), he’s seen everything the industry had to offer.

“I saw that the other card management systems that were out there were all using the same architecture,” said Thoren. “And they were all using the same business approach that you sell this large system, and you bring in a lot of professional services to get it started. That was, of course, stopping the small customers from getting into this market.”

Thoren shared his philosophy (and his company’s early success) with Richard Stiennon at the 2016 RSA Conference in San Francisco.

“There are a lot of things left to solve,” said Thoren. “I’m looking a lot at the mobile (bring your own device) market. We’ve focused heavily on BYOD because it’s still a computing device – a real piece of hardware where you can install software easily.”

Versasec uses virtual smart cards to serve those users. Thoren said this is beneficial because they won’t need a special reader to access virtual cards.

“If you come to an organization with your own device, it’s likely that you don’t have a smart card reader,” he said. “Then the virtual smart card fits right in.”

Getting Into the Cloud

Versasec’s next move will be into the cloud.

“[Our architecture] is perfect for being in the cloud,” said Thoren. “One of our core values is that we should have the highest level of security always. No shortcuts. Thus, all the keys used in the system are hardware-protected, at least by using a smart card. If you’re in a larger system, you have a lot of transactions. Fitting that into a cloud service could be a little bit complicated, but we figured it out now, so we’re going to release a cloud version later this year.”

Growing Customer Base

When Thoren moved to the United States in 2012, European customers accounted for all of Versasec’s business. Today the company has been split 50-50 between the U.S. and Europe, with nearly 100 customers in America.

“The largest deployment is a government customer,” said Thoren. “It’s a very large U.S. government customer and they have very interesting requirements with locations – many hundreds of locations – which makes it exciting to manage.”

Posted on

Untangle’s Firewall and Endpoint Security Solutions Create the Best of Both World

Untangle interview

There are a number of enterprises that claim to offer a great firewall or endpoint security solution, but it has been very difficult for one company to successfully implement both elements. Untangle, a network software and appliance company, set out to change that when it acquired Total Defense in 2014.

“Our vision with the Total Defense acquisition, in a product sense, was to combine the two,” said Bob Walters, CEO of Untangle. “In the small business space, we think that’s a realistic thing to accomplish and sell because there’s not a lot of decision makers holding up a deal to buy both. There are definite technical advantages as well. Total Defense also had a nice set of financials and bulked up our company in that way.”

Walters told Richard Stiennon all about his company at the 2016 RSA Conference in San Francisco.

“We [employ] about 50 people,” said Walters. “We gained a bunch of those people through acquisition. We are now profitable and growing. We’re going to hold off on additional acquisitions in 2016 but hope to start that up again in 2017.”

What about those who may wish to acquire Untangle?

“It’s either a danger or a delight,” Walters explained. “It just depends on how the thing goes. Sure, companies like us that are at scale and profitable will always have people that are interested. We typically have two or three interested at any given time.”

Global Brand

Untangle has become a global brand, but Walters said that most of its customers are based in North America, particularly the United States.

“But the better way to describe our business is that it’s English speaking-based,” he said. “This has always been a curiosity for me because we’re localized in a dozen different places — most of those, by the way, were open source localizations. But we found the gravity centers to be English-speaking countries.”

Future Product Plans

Walters spoke fondly of the ARM architecture, which has “transformed the world” and is “central” to the Internet of Things, he said.

“ARM definitely gives us a Moore’s Law-like performance increase,” said Walters. “And to give you a real example of what the ARM architecture is doing for prices in Untangle’s land, about three years ago the cheapest Untangled box with software was about $1,000. We’re under half of that now based on [Intel’s] Atom. ARM is driving the Atom pricing. Within a very short time we’ll be in the $250 to $300 regime. We’re really excited about that.”

Posted on 2 Comments

Gemalto’s Jason Hart Warns That Integrity-Based Attacks Will Be The Next Major Cyber Threat

Gemalto Interview

Jason Hart, VP & CTO of Gemalto, is a pro at spotting trends in cyber attacks. His company (which offers a host of digital security solutions) recently released its Breach Level Index for 2015, revealing a notable shift in attacks.

“In 2014 we saw a lot of attacks involving financial information and credit card data,” said Hart, who spoke with Richard Stiennon at the 2016 RSA Conference in San Francisco. “What we see in 2015 is the attack factors have changed and the bad guys are going after low-hanging fruit.”

Instead of banking info, malicious actors are looking for login credentials.

“For me that’s a bigger problem than credit card information,” Hart continued. “If my credit card data is captured or compromised, it’s easy for me to replace my credit card. But if my user credentials and other personal information are compromised, I have no visibility. I can’t just go and swap out a new card. And for me, that’s unforeseen risk.”

And that may only be the tip of the iceberg. Every year it seems as if enterprises endure the worst security breaches of all time, but they always get worse. Hart anticipates a greater number of breaches in the future, and he expects them to be larger and make a bigger impact on those who are hit.

“The next big attacks that we’re going to see are going to be integrity-based,” Hart warned. “With the integrity of the data being changed, there’s going to be a lag effect.”

Consequently, it could take up to two years before anyone realizes that an attack has occurred. During that time threat actors may be able to manipulate data to their advantage.

“I live in England in a very rural village,” said Hart. “I have two neighbors. They have tractors that are enabled with IoT. The data they’re collecting allows them to understand the soil quality and crop quality. But I’m sure the manufacturers are looking at that data from a global point of view and see, from a holistic view, what’s going on. That data is very valuable to the commodity markets.”

It could also be valuable to someone looking to make a quick buck.

“A bad guy could place money on the stock market, alter the integrity of that data and affect it, legitimizing his money,” Hart concluded.

Posted on

Evident.io CEO Tim Prendergast Discusses the Emergence and Adoption of Cloud Security

Screen Shot 2016-04-14 at 4.06.29 PM
https://vimeo.com/158677186

Cloud computing has received a lot of attention these days, but the most important cloud service could be the one that protects enterprises (including other cloud businesses) from malicious attacks. The industry might have finally come to a turning point now that corporations, both big and small, are starting to realize the value of cloud security.

“The markets have matured to adopt what cloud security really means,” said Evident.io CEO Tim Prendergast, who was interviewed by Richard Stiennon as part of IT-Harvest’s 2016 Video Interview Series. “When it started out there was a lot of confusion about the various layers. I think as we’ve seen people progress along the maturity curve in cloud, they really started to understand the unique needs the environment has that are different than they were at a datacenter.”

Prendergast, whose company offers an easy to deploy cloud policy management platform, said the industry has been “able to identify solutions and suites that will work really well for them in addressing the new challenges they face as they move in these very dynamic environments.”

Understanding the Challenges of the Cloud

Prendergast said there has been a dichotomy where there are innovators and the very early adopters who really understand the challenges of the cloud because they’ve been doing it for the last two to four years.

“They tend to find the value in the platform very early and do a homogeneous spread across their entire environment,” Prendergast explained. “So they’ll say, ‘Okay, we’re going to use it as a standard and cover all our infrastructure with it.’ And then we have a lot of emerging players and the early majority. It might be a bank or manufacturer putting their first workload in the cloud, and they want to start with a good basis from the ground up on the development and test environments.”

Evident has found that as these firms progress toward production, they will increase their platform coverage.

“And then over time they mature additional workloads and continue to grow,” Prendergast added. “I think the constant that’s driving this is the cloud is being used more and more everyday, not less everyday, by these companies.”

Going Above and Beyond

Traditional datacenters are becoming a thing of the past. Prendergast said that most businesses have replaced the old model (where a bunch of servers and operating systems run everything) with severs that act as a component of dozens of other cloud services.

“But all those other services are only API accessible,” said Prendergast. “There’s no IP address, there’s no operating system, there’s no way to install your own software on it. Evident creates a way for you to actually cover all those services and the layers of governance, compliance, continuous monitoring and protection that you need in a very modern cloud way.”

Prendergast said that this system is actually “creating security workflows where the teams that are managing the cloud infrastructure are moving in a very agile way.”

“It’s embracing security as part of that DNA and as part of that cycle, and not something that happens at the end of a product lifecycle process,” he said.

Posted on

Comodo Using Containers to Block Malware

Screen Shot 2016-04-14 at 3.50.22 PMMalware is a growing problem for both consumers and enterprises. Many have tried to defend against this growing threat, but malware authors are relentless in producing new ways to deploy, infect and harm the PCs of those they target. It’s an ongoing problem that requires vigilant individuals to remain at the top of their game.

To keep up with the rise of malware, Comodo is looking beyond traditional sandbox methods.

“Malware always starts out as an unknown file,” said John Peterson, VP of enterprise product management at Comodo. “The rate of unknown files is so high that it just doesn’t work anymore to try to do a blacklisting or signature-based approach.”

Peterson shared Comodo’s strategy with Richard Stiennon at the 2016 RSA Conference in San Francisco. He said his firm is taking a new approach to malware, which is very clear on how known files (good and bad) should be treated. The challenge comes in dealing with unknown files.

“Once run in a sandbox, you might identify whether it’s good or bad, but during that whole period and process of analyzing the file, patient zero could be infected,” Peterson warned. “We actually eliminate patient zero from having to get infected. We take unknown files and we put them in a container, so that container allows the unknown file to run and execute. You can interact with it because it could be unknown good. But it also could be unknown bad, so we isolate it from the rest of your computing environment.”

Click on Anything

Peterson said that users are able to click on and download anything without fearing their computer systems will be compromised.

“The application or PDF or EXE that you’re actually downloading gets run in isolation,” he said. “It has a separate set of CPU processing that it’s allocating and a separate file system that it’s restricted to. It can only make certain calls to certain places in memory, rendering your computer immune to any kind of malware that might be brought into your environment.”

Sandbox Technology Still Holds Value

Comodo may be going above and beyond sandbox technology, but Peterson said there’s still a place for it in the world of security.

“Clearly there’s an opportunity for us to displace it, but I think there’s also opportunity for us to augment it,” said Peterson. “If customers have chosen a sandbox solution and they want to stick with that, they can – and they can augment that sandbox technology with our containment technology. Containment technology is like a cousin to sandboxing. Sandboxing is analyzing a file to determine its true state, whereas containment is actually putting a file in a container and allowing you to interact with it while keeping it isolated from the rest of your computing environment. We do both.”

Posted on

Skybox Security’s Gidi Cohen is a Big Believer in Data-Driven Security

Screen Shot 2016-03-25 at 9.00.08 AM

It’s not uncommon to hear an Uber-like startup – those operating in the so-called “on-demand economy” – announce a massive raise from any number of venture capitalists. But in order to draw that same level of investor trust in other fields (say, cybersecurity), you’ve got to have something really special.

Skybox Security definitely fits into that category. The company, which is led by co-founder and CEO Gidi Cohen, recently announced that it had raised $96 million from Providence Equity Partners.
“We’re big believers of data-driven security,” said Cohen, who sat down with Richard Stiennon for a one-on-one chat during the 2016 RSA Conference in San Francisco. He attributed the investor support to the company’s ongoing growth and success.

“We grew over 50% year-over-year for a few years in a row,” said Cohen, whose company is known for guarding an enterprise’s attack surface (the sum of all threats an organization may face) from malicious individuals. “We’re continuing to do so this year — and in a very profitable way.”

A Different Point of View

Cohen didn’t want Skybox to follow in the footsteps of other startups, which typically grow their top-line while enduring (and perhaps accepting) “a huge amount of losses like it doesn’t matter.”

“It got to the point where there’s actually an appreciation for companies that grow very well but can do it in a competent and efficient way, which is what Skybox has been doing for quite a few years,” said Cohen. “That was very noticeable in the industry and the financial markets.”

Cohen said that in Skybox’s specific space, the company is “uniquely successful” in capturing a significant part of the enterprise market.

“We are winning almost everything we’re competing on, in the markets due to the scalability, the platform capabilities and the visibility we provide,” he said.

Unique Analytics

Cohen is proud to speak about Skybox’s “unique” type of analytics.

“Our analytics is much more about modeling and simulation technologies that can actually put together all of those disparate datasets,” he explained. “There are different silos of data, firewalls, endpoints, vulnerabilities. We put them together with a technology that actually helps the organization understand what is exposed, what’s exploitable, what’s not, and how to deal with that.”

Cohen said that this type of analytics is something that Skybox has been doing for many years.

“We have quite a few patents in the space and it’s a very unique offering,” he concluded.

 

[IT-Harvest has initiated research into the firewall policy management space. Skybox Security, although it has a broader offering, is included in this research. A market sizing report will be available at www.ith-research.com]