Posted on

whiteCryption’s Thorsten Held on Protecting Critical Content and Applications

Thorsten Held, managing director at whiteCryption, is focused on protecting intellectual property with cryptography. His company helps enterprises that need a greater degree of security in the area of digital rights management (DRM). Held sees a need for stronger protection of content and critical apps on all devices.
Screen Shot 2016-03-12 at 8.47.56 AM
“We want to give tools to our customers to enable them to do what they feel is the right approach,” said Held. “We provide a lot of consultancy so we help our customers understand the different options and the different scenarios. Each industry has different requirements and we help customers achieve them.”

Held was interviewed by Richard Stiennon as part of IT-Harvest’s 2016 Video Interview Series, which ran alongside the 2016 RSA Conference in San Francisco. He explained that the majority of whiteCryption’s initial customers wanted a secure DRM solution.

“We help customers harden the DRM implementation,” said Held. “The solution itself is known and defined. The content owners, [such as] Hollywood studios, require an extra layer of security. Our key mission is to make sure DRM providers hide keys in their system.”

Broadening the Platform

whiteCryption recently teamed up with Trustonic to simplify security for mobile and IoT app developers. Trustonic’s hardware-level security is already embedded in more than 500 million smart devices.

“The whole idea is to broaden the platform,” Held said of the partnership. “So many devices do come with some IP on board today.  And how do you close that gap, especially if you’re talking about customer-facing solutions? You definitely want to be sure that there’s no limitation of use.”

Held said it is not merely enough to say that a feature runs on 55% or 75% of the available devices. By combining IP with a software-based solution (like the one whiteCryption provides), “You [get] the flexibility to say that either the application or the features of the application can run on 100% of the devices.”

The Value of Security

Held also spoke about the benefit of relying on partners to deliver deeper integrated solutions than whiteCryption provides on its own.

“I think that’s key for most of the mid-sized companies,” he said. “They either don’t have the expertise or the funds to develop everything themselves, so they are in need of a deeper integrated solution.”

Not all companies know why they want to invest in security, however.

“It’s hard to convince them,” said Held. “We have a price tag, of course, and it’s a license fee. If you understand the value of security and it’s part of your business model, it’s easy [to convince an enterprise].”

whiteCryption’s integrated code protection and white-box cryptography solutions protect software applications at the source code level to prevent against unwanted alteration, intellectual property theft and keep secret cryptographic keys hidden.

Posted on

Digital Shadows’ James Chappell Discusses Threat Intelligence, Cyber Situational Awareness, and More

James Chappell, co-founder and CTO of Digital Shadows, knows what large enterprises need to stay protected. He introduced the concept of cyber situational awareness, an all-encompassing take on threat intelligence as it pertains to each customer.

“Our clients are interested in what’s going on around them,” said Chappell. “They want to know what tactics are being used around them and what they should do to align their defenses.”

Chappell recently sat down with Richard Stiennon for an in-depth interview during the 2016 RSA Conference in San Francisco. He provided a unique take on threat intelligence and explained how his company serves its clients.

“The term ‘situational awareness’ comes from the military,” said Chappell. “Just as you might imagine a general stood on top of a hill with a pair of binoculars, trying to work out where to place his assets in the field, and to work out what’s going to come over the horizon at those assets. That’s a good way to look at how you defend a business.”

Screen Shot 2016-03-11 at 3.38.01 PM

Digital Shadows’ James Chappell interviewed by Richard Stiennon

Overloaded Term

Chappell described threat intelligence as being an “overloaded term” that “means a lot of different things to a lot of different people.”

“Part of the market is about data feeds and has some value,” he said. “You can reconfigure the network in response to those.”

No enterprise is afforded the luxury of infinite resources. Chappell understands that every business must figure out how to implement those resources to the best effect, and to do it in a way that’s tailored toward each company’s individual situation.

“If you place yourself in the shoes of an attacker, look at your infrastructure as an attacker would, and then look at the changes in behavior over time, you’re going to learn a lot more,” Chappell explained. “So it’s more context-based — looking at tactics and motivations — and then looking at your own assets within the context of those threats.”

More Attacks

Security breaches are more common and more publicized than ever before. Unfortunately, it could be a while before the situation changes.

“I think we’re working in a much more complicated world,” said Chappell. “Our reliance on technology is going up, it’s not going down. Because of that we’re seeing much more complexity in the attacks.”

In the old days, hackers would initiate DDoS attacks and deface company websites. Now hacktivists steal data and publish it online.

“2015 was the year of extortion, right?” Chappell questioned. “[In] 2016, it doesn’t look like that trend is going to stop.”

If anything, Chappell said hackers have proven that extortion has become a “business model,” ensuring it will continue.

Financial Roots

As far as the company’s history is concerned, Chappell said that Digital Shadows is “very fortunate” to have started out in the financial services sector.

“We did a lot of work early on with Tier 1 banks because they were early adopters of this technology,” he said. “We have actually broadened out much further than this, so now we work with large supermarkets, we work with energy companies, utilities, pretty much anyone in a larger enterprise who’s got a job of defending an infrastructure from a variety of attacks.”