CyberWire Daily - RSA 2017 Roundup – Perspectives, Pitches and Predictions [Special Edition]
Episode Date: March 7, 2017
In this CyberWire 2017 RSA Conference special edition, we wrap up our show coverage with insights from experts, about the trends they’re seeing, the products they’re pitching, and where they think... we, as an industry, need to go.
Guests include:
Mark Dufresne, Director, Threat Research and Adversary Prevention, Endgame https://www.linkedin.com/in/mark-dufresne-b3275610a/
James Lyne, Global Head of Security Research, Sophos https://www.linkedin.com/in/jameslyne/
Emily Mossburg, Principal, Cyber Risk Services Leadership Team, Deloitte & Touche https://www.linkedin.com/in/emilymossburg/
Mark Nunnikhoven, Vice President, Cloud Research, Trend Micro https://www.linkedin.com/in/marknca/
Levi Gundert, Vice President of Intelligence and Strategy, Recorded Future https://www.linkedin.com/in/levigundert/
Carl Leonard, Principal Security Analyst, Forcepoint https://www.linkedin.com/in/carl-leonard-5486405/
Evan Blair, Founder, ZeroFOX https://www.linkedin.com/in/evanblair/
Gabby Nizri, Founder and CEO, Ayehu Software Technologies https://www.linkedin.com/in/gabbynizri/
Jason Porter, Vice President Security Solutions, AT&T https://www.linkedin.com/in/jason-porter-4a604757/
Transcript
You're listening to the CyberWire Network, powered by N2K.
In this CyberWire 2017 RSA Conference Special Edition,
we wrap up our show coverage with insights from experts about the trends they're seeing,
the products they're pitching, and where they think we as an industry need to go.
Stay with us.
For our regular daily editions of the CyberWire,
we tell our guests that we like to talk with people who have something to say
and not just something to sell.
For this special edition, we relax that guideline just a bit.
RSA is a trade show after all.
But along with the product pitches,
our guests give us their observations from the show
and their views on where they think things are going.
We begin with Mark Dufresne from Endgame, who I caught up with in the days leading up to the
conference.
We have a lot of people at Endgame who have kind of some lineages in, you know,
offensive cyber working for the U.S. government and a lot of red teaming experience. So we know
what it takes to be successful as the adversary and can apply that directly to building our preventions. And that goes a little further, kind of understanding the things that adversaries might
try to do in terms of like, what do they look for in an endpoint as they're doing their operations
and how can we hide from them and kind of evade any attempts they might have to like signature
Endgame and take evasive action to undermine Endgame's ability to collect and provide visibility to turn us off.
We're hardened in a variety of ways and stealthy in a variety of ways as we're doing our defensive operations
to kind of frustrate any kind of adversary attempts to undermine the capability.
The platform is designed, again, it's an EDR platform with incredibly powerful prevention capabilities built in.
So we're really we've been pushing this hard, addressing some serious gaps in the EDR market and kind of leapfrogging our prevention and detection capabilities beyond what's out there to detect kind of with a layered behavioral approach to detection.
We are bringing out a capability that we call Artemis, an intelligent AI-powered bot to make this technology accessible even to novice users. So somebody can sit down at our platform,
never using an EDR platform, and truly has the power to stop nation state level
attackers in less than an hour of using it. We've seen people doing that.
It really solves the talent problem that the resource shortage people has,
and also kind of brings down a security team's time
to identify, investigate, and respond to threats.
It takes some things from days all the way down to minutes
with using Endgame,
kind of relying on some of these very powerful detection technologies
that we have in
order to detect malware, prevent against zero days, stop fileless attacks, and, you know, kind of
hit adversaries at every stage of their operations and make it very difficult for them to achieve
their objectives. You know, everyone in the industry is now saying that signatures aren't
enough to detect threats. That's absolutely true. We think we have a unique approach to that signature
problem. I think we're going to see a lot of talk at RSA about streaming rules engine approaches to
the problem, whereby a tool provides full visibility, a mountain of data about what
processes are doing and what users are doing. And you can write rules on top of that. Things like,
hey, the following six things that happen exactly in sequence might be indicative of a process
injection. That's great. You know, it's good technology. It's nice to do that. And I think
it's good that a lot of that people are thinking like that. But there's some drawbacks with that
type of approach in that they're brittle, they're difficult to set up, difficult to configure.
And they're kind of watching the problems take place still.
So we have kind of a unique view at solving problems like that, which are attempts to deal with things like fileless attacks and that sort of thing.
So we're going to see some rules engines and some other things that are more behavioral that people should take a look at and think about how some of those techniques might not be quite everything we need.
The other thing I think we're going to see a lot of talk about is in-memory only attacks,
fileless attacks.
Kaspersky just did a good post last week about trends in fileless attacks that are happening out there, things that don't use traditional malware and cause problems only in memory.
There are some emerging techniques to detect that, but all of those things have serious
drawbacks and visibility gaps, a lot of what's out there.
That's Mark Dufresne from Endgame.
James Lyne is the global head of research at Sophos.
We spoke on the show floor.
We're all about simplicity, making things accessible and easy.
And as a result, we appeal very strongly to small and medium-sized companies where if they're lucky
they have a dedicated security person but often they have what we often joke about as the only
information officer it's also the same person who's responsible for changing the printer and
keeping the wi-fi on and dealing with a deluge of different user problems so we work well in those
environments because we're not you know bombarding people with 50,000 alerts every minute to go chase down.
We focus on the things that are really important, simple configuration, and technology backed by our labs that works out of the box.
Of course, some larger enterprises are pragmatic about their approach to security and may find that valuable too.
But certainly in small and medium-sized companies, that's really a sweet spot for Sophos
based on that easy-to-use tech.
I think a couple of the areas that I'm most proud of
over the past 12 months
and that tie into a lot of the research I've been doing
and I'm presenting at the show here
feature around ransomware and anti-exploitation.
Exploiting systems using exploits or bugs
turned to nasty purposes
has been the driving force of most malware distribution,
of most cyber criminal activity
for the past seven, eight, nine years.
And we've taken some, I think, really quite unique steps
in thwarting exploits higher up the chain of attack
to make sure that nasty code really never gets
running so you have to deal with the cleanup and so on and so on. Ransomware has been undoubtedly
the most favorite campaign of cyber criminals over the past 18 months. It is prolific. There are
so many different versions of it, so many different types of scam, and the quality of their implementation
is improving all the time. I'm really proud of some of the technology we brought out in Intercept X,
where we generically thwart a huge number of ransomware campaigns. And in the event that
they do get in and start the encryption process, we're able to identify it behaviorally and roll that stuff back. So really, it's continuing
to do what we do best. It's finding the major pain points for small businesses, for medium-sized
enterprises, the things that cybercriminals are focused on, and building easy-to-use,
accessible technology that solves that problem for our customers.
Here at the show, looking around, what are some of the things you're seeing in terms of trends for the industry as a whole?
Well, there's a lot of focus
here on the tactical but important issues, like I just mentioned, ransomware. People have realized
it's a big issue for companies, so of course it's showcased here. There's a lot of focus as well on
machine learning, adaptive learning, and the use of data science
in driving better security. That's been a really exciting area that we've embraced over the
past couple of years and is undoubtedly one of the big hot topics here, and I think that probably
will be one of the big hot topics over the next couple of years as well because it can be applied
to so many different areas of security,
so many different types of user policy or detection at each of the layers.
I think we're really only at the beginning of the journey
in application of that to security.
That's James Lyne from Sophos.
Emily Mossburg is a principal with Deloitte Cyber Risk Services.
If you're a regular listener, you'll recognize Emily.
She's been on a number of times.
There's a couple of new offerings that we're launching while we're here.
One is our new managed threat services, and the other is our digital managed identity services,
really focusing on the fact that a lot of our clients and a lot of the enterprises
are looking for more
capabilities from a managed services perspective.
So we've really been focused on developing those solutions and getting those out to market.
One of the things around our digital identity service that we're really excited about is
that it's not focused on a traditional enterprise identity solution, although it can be used for that. But it's really
focused on an enterprise being able to offer that service for their end consumers and customers.
So it's sort of bridging the gap between enterprise identity and consumer identity.
So it's really exciting for us to be putting something like that forward and being able to change the conversation and talk more about consumer identity, which is something that seems to be really amping up because of the fact that there's so many new digital transformations happening, so many new applications that are being developed, mobility, cloud. So we really want to be able to bring something to the market that allows the enterprise to
manage the identities of their end consumers.
Looking at the show as a whole, as you walk around, as you look at things, what are you
seeing that's catching your eye in terms of innovation?
There continues to be a lot of focus on cloud transformation and CASB solutions.
There continues to be a lot of focus on threat intelligence and actionable intelligence.
One of the things, though, that I think is really the most important is the application security focus that we're seeing. And not that secure
development lifecycle is new, but I think we're seeing a shift in terms of how it's being applied.
Broadly, we're seeing a shift away from enterprise-focused insular security to how do we
take our cyber risk requirements in our program and drive it into the products
and services and innovations that we have as an enterprise, especially with the advent of
the Internet of Things and connected products. There's a much more focus on how do we develop
and innovate new connected products that don't open us up to new cyber risks. So how do we bring
forward the cyber risk requirements into the innovation lifecycle and the product development
lifecycle? And how do we then code, design and code these products and services in a secure way
from the get-go, as opposed to layering the security and the controls on after the product's already developed.
So I think that's one of the things that we're seeing and hearing a lot about,
and I think it's going to really take off in the next three to five years.
You're going to see a transformation, if you will, around the security function.
As you look forward towards 2017, what's on the horizon?
What kinds of things can we expect to see from Deloitte?
We're going to have more of a focus on infrastructure security and application
security for a number of the reasons that I previously said. But what we really want to do on helping organizations innovate in a secure way.
So we're going to spend a lot of time and energy on application security and infrastructure
security in order to enable that.
From an infrastructure security perspective, a lot of it is being driven by the cloud transformation
that's evolving.
You know, people have been talking about cloud for years.
I think we're right now sort of in the capability curve where we're really starting to see more and more adoption.
What that adoption means is that the traditional network design, the traditional network security
and architecture is shifting.
So we're seeing broad scale network security evolution. So we're spending more
emphasis and focus and innovation on new ways to do that. We're also focusing, as I mentioned,
on digital identity, and I expect that to continue through 2017. What we're launching
here at the show is really our first release of our managed digital identity services, but we have a roadmap that's laid out over the course of the next year that's going to allow for version 2, version 3, and version 4.
So we're really focused a lot on that as well.
That's Emily Mossburg from Deloitte.
Mark Nunnikhoven is vice president of cloud research at Trend Micro.
He shared some of the trends he's been tracking at the conference.
There's a lot of really interesting niche players.
There's some real interesting work being done around malware hunting,
which is sort of when teams are getting a little more aggressive and proactive within their enterprise.
I think that's really good for mature enterprises, but there's a lot of basics that still need to be done. But there's some interesting work going on in that space. And then
there's a big push around leveraging sort of more advanced machine learning and artificial
intelligence techniques to security defense. And that's sort of, there's people that are all flash
and there's a lot of people who are substance as well. But I think there's a lot of value to be had for defenders to invest in those types
of technologies.
And where are you all in that play in terms of machine learning
and AI?
It's something we've actually been doing for a really long time. So
Trend traditionally, we're pretty quiet. We just kind of go about our business
and try to deliver as much value to customers as we can. But we started a new
marketing campaign, and normally I shy away from the marketing stuff.
I like to dive, you know, as a researcher,
I like to dive into technology and organizational design.
But this year we're really kind of getting
a little more assertive and talking about the fact
that you don't need just one thing.
So machine learning is great and, you know,
it's something I've been involved with for years,
but it's not the end all be all.
No control, despite what you'll see
from some of the claims in the market.
No one control is going to do everything.
You need a set of controls.
So even stuff that was effective 10 years ago is still useful because it's really quick, it's really efficient,
and it'll get you an answer whether something was known good or not.
But then, you know, it's not perfect.
So you need a series of controls.
And I think that's a really important and pragmatic way of approaching security.
You get the machine learning to take advantage of the grunt work and the really deep comparisons that humans aren't good at. And then it presents something unique and novel to get some of the
creativity that people are really good at. And so that blend is what's effective because,
you know, computers are great. You look around image recognition and, you know, trying to
parse the meaning of text, computers can understand
words and translate them, but they can't tell you what it actually meant. So a person can look at a
sentence and tell you what it meant. A computer could translate that sentence into any language
on the planet, but it still can't tell you what it meant. So that combo is really important.
This gap we have with having enough people to fill all the positions in the industry,
where do you see it coming in that? Do things like automation, like machine learning, can they help close that gap?
Absolutely.
So one of the challenges we have just in automation in general, not even looking at the skills gap,
attackers have been automated for a while, and yet we're defending manually.
And, you know, anybody, even if you're not in the security space, you understand that's not fair.
Like, that is not an even match.
And, you know, why not?
Attackers saw an opportunity. So,
um, you know, ransomware is a great example. People like, oh, I'm never a, you know, I'm not a target
because I don't have anything of importance. Well, yeah, you do. You have something of importance to
you. And the attackers won't target you specifically. They've simply set up a script to attack every
open endpoint they find, because why not, right? Everyone they, in fact, they're going to get money
back from, or there's a good chance they'll get money back from.
So defenders need to start automating,
and we're seeing that in the cloud space a lot more,
where developers have automated.
They're doing the whole DevOps trend,
where they're deploying new versions of the application
10, 20 times a day.
Security needs to be just as automated,
but specific to the skills gap, absolutely.
If we can start getting better information to security defenders, we can make them more efficient.
Right now, a big challenge for sort of traditional teams is when they're looking at a list of potential security events.
There's 50 events on there.
Maybe one or two of them actually deserve their time.
We can use machine learning and automation tools to reduce that list down to only the one or two that need a person to respond.
So what I'm seeing a lot, especially working on the cloud, is people are realizing, along with that shift away from hugging the server and realizing they need to focus on their business,
is that we need to change how we're applying security. In that we used to have a security
team that sort of at the end of the project said, hold on a second, you need to have this in place
and this in place, and you need all these wonderful controls. And we know bolting it on at the end
isn't effective.
You can close some gaps that way, but if you really want to be secure, everybody needs to understand that responsibility,
which means as security people, we need to be working directly with those teams as they're building things and working directly with the business.
So I know it's difficult for a lot of security folks because we're not necessarily the most outgoing,
but we need to change our sort of perspective and get there and be talking more, be communicating more and be educating people
because then we can get involved earlier and make sure that it's less of a headache for everybody.
And that way we'll all be more secure because you know the criminals are starting to collaborate.
They're offering crime as a service. You know, you can get the latest botnet for about $7,500
an hour and you can take down massive providers yourself.
This is a business. Crime is a business.
We need to make sure that we're collaborating internally as well as with our peers to make sure that we're defending as a team, because security is very much a team sport.
That's Mark Nunnikhoven from Trend Micro.
Levi Gundert is Vice President of Intelligence and Strategy at Recorded Future.
We spoke right after the RSA conference about his take on the show,
specifically in the area of threat intelligence.
There seems to be a lot of focus this year on analytics
and a fair amount in sort of the artificial intelligence space,
or at least buzzword.
Those sort of seem to be the themes that I caught just walking the trade floor.
There's obviously been a real need to focus on intelligence that's useful to the enterprise and the business.
And, you know, companies go about doing that a lot of different ways.
But I think in general, you know, that was the message that was really trying to be communicated by all of the vendors in
the different ways that they provide intelligence context was that these are the use cases,
these are the scenarios that we provide value into that will actually be useful to the business
and applicable to the business.
I think we're seeing a much wider adoption of cyber threat intelligence across a lot
of different industry verticals.
I think the days of speeds and feeds are largely over.
There's nothing wrong with feeds at the operational layer, but certainly folks don't want to be paying enormous amounts of money to vendors for feeds of indicators of compromise.
That's a thing of the past, and I think that was very evident in the show this year.
So the volume and threat intelligence is really how do we buy the right controls or how do we build the right controls?
And that's really the strategic analysis of risk.
Where in the organization is there potential for loss, real loss to the business?
And then how do we address that with the right security controls?
And so that's really the primary value proposition of threat intelligence.
The secondary sort of ancillary value is how do we improve our controls?
How do we test the efficacy of current controls and improve those controls?
And that's sort of the operational component of threat intelligence.
But at the core, it's a tough thing to do.
It's a tough thing to do cyber threat intelligence well and to provide
consistent value into both of those areas. There's a lot of different approaches, but, you know,
obviously having wide sources of information available to do analysis to then produce
intelligence into organizations of different industry verticals is really key. That's a key
component. And I think, you know, being to do that with machines instead of humans is the only way that
an effort really scales to find the intelligence that it is going to be
applicable to the business. I think where we have seen a lot of success is really
in that combination of machine learning and human analysts, human analytical capabilities.
And, you know, for a long time, a lot of folks have been talking about the pure play,
artificial intelligence and the promise there, but we haven't actually seen that come to fruition in the security space.
And I think artificial intelligence is perhaps a bit of a stretch.
I think machine learning is probably the right term to use here.
My colleague,
Staffan Truvé, who's one of the co-founders of Recorded Future, likes to say, artificial
intelligence is not this magic potion or sauce that you just pour over data, and it sort of
magically becomes useful intelligence. That's not how it works. Machine learning is a great
capability, and if you have good algorithms, it can certainly help take the brunt of some of that big data pain away.
But at the end of the day, you still need humans to combine that effort with machine learning.
And that's really where we're seeing success in our product, but also as an industry, that's really where success is being driven.
So, I mean, looking towards the future, what do you see happening in the next few years?
Where do you think things are going to go?
It's always difficult to prognosticate on things like this,
but I think you're going to see more of machine learning
and more of that combination of machine learning and human analysts.
But I think you're also going to see a broadening of sources
as organizations look for deeper and broader technical information.
Human intelligence, signals intelligence, there's good data there, but sometimes it's
hard to acquire that data.
So I think you're going to see businesses actually going after different types of data
to fulfill some of their intelligence needs.
That's Levi Gundert from Recorded Future.
Carl Leonard is a principal security analyst at Forcepoint.
Every year in the Forcepoint Security Labs, we predict the top 10 threats that might arise
over the next 12 months.
2015, we anticipated that the elections, whether that be, you know, as it was then, the upcoming US elections or those in other countries, there is opportunity for
those with certain desires to manipulate the voting machines, to spread
misinformation, to steal data from the
parties of various candidates or the candidates themselves and leak that and
influence the election process and that of the electoral base. So it didn't
really come as a surprise. What we're really looking to for this year, 2017, is to highlight this
and make sure that governments that have upcoming elections,
certainly around Europe, we've got a lot of countries that are in election year this year,
to make sure that they've really thought about some of the issues that might occur and also raise awareness for members of the public.
Don't always trust that piece of news on a social media site.
Sometimes it is hard.
We kind of take it for granted as researchers to always understand the quality of the source
and assign a reputation to it.
I know full well it's something that we researchers do
without even thinking about it.
It's what we're trained to do.
But for members of the public,
it can sometimes be very difficult to trace back,
well, where did that statistic come from?
Where did that story come from?
And then realize that it's not true. And so, yeah, I think the spread of this, um, you know, fake news on social media
will continue to be a challenge over the years. Um, there's been various proposals by different
governments on how to regulate it and ultimately who is responsible for it and who should
manage it and who should retract that information. Lots, lots of things to be
discussed. We do not know that, we don't have all the answers as a security
community, and I don't think other governments have the answers, that they're still trying to figure this out as well,
make sure that they have an informed electorate.
Yeah, one of the big discussions of 2017, that's for sure.
I think the complexity of attacks has been increasing rapidly for over a decade.
The type of attacks that we are seeing are very much as a result
of malware authors building kits so that it's the kit that has the complexity and the intelligence
behind it and then other malware authors can reuse that and almost inherit the skill set
of the original author of the kit. So the complexity will continue to increase. I think
the industry is responding with next generation approaches, however those may be defined.
A lot of the attention that I'm seeing, certainly at the show, at RSA 2017, is around advanced machine learning and really understanding and being predictive of
a threat, looking at it early. So this is certainly what we're doing at Forcepoint, to understand the
behavior and the intent of actions so that you can put that into a risk score. We literally rank
incidents in terms of risk and alert the businesses, our customers, as to which
events to look at, because we are in the realms that you cannot protect
from all threats all of the time. It's the type of threats that, you know, as we see often
in the press, that, you know, those are the ones that are launched at Saturday
night when all your analysts are out and your SOC's closed down and you're updating your
VM machines and your analysis machine, that's when the attackers hit you.
So I think there's still lessons to be learned.
We've still got to understand that, the TTPs, the tactics, techniques and procedures that the malware
authors are using and respond in a way where we can become more predictive of the threats,
intercept them early. We at Forcepoint have been using machine learning for a decade now, trying to understand threats without ever seeing that threat before.
The industry is responding back with a vengeance.
I think another real good thing to look at is the increased collaboration around the
security community and with governments around the world.
We share threat intelligence with national CERT teams,
with government agencies, with law enforcement, and we've had some successes with that. Some of
the botnets we've reported on have been shut down. So this is a good thing for all of us. We'd much
rather those malware authors be brought to justice. We often forget that these are crimes. You know, ransomware,
it's a crime. It's an act to defraud individuals and extort them. We mustn't forget that. So
really, you know, the focus on machine learning, increased collaboration with peer groups within
certain industries. People often cite finance as a great example of that,
how they collaborate.
And then just, yeah, looking at the end user,
educating them, they're becoming more aware,
they can help you.
They're part of your extended eyes and ears
looking out for these threats,
as they will continue to at all.
That was Carl Leonard from Forcepoint.
Next up is Evan Blair, CEO of ZeroFox.
We spoke at their booth on the RSA show floor.
ZeroFox is a social media and digital security company.
We help organizations safeguard their corporate assets in the social media world.
We help organizations protect their business
where they engage with customers and recruit new employees.
And we help organizations protect their employees, their VIPs and executives,
as well as all of their end users or employees across the globe beyond the network perimeter,
beyond the device, into the social media land where we've obviously seen a new attack vector
arise that is causing major problems from targeted phishing to data
exfiltration to social engineering that really is impacting the ability for an organization
to secure and safeguard their operations.
I think we hear an awful lot about email when it comes to phishing attacks, ransomware,
and so forth, but there doesn't seem to be so much attention paid to social media.
I guess from your point of view that's a mistake?
Yeah, it's definitely mistaken. And look, it's not a, it's not a criticism that
people are paying less attention to it.
It's a, it's a newer technology, and we've seen this with all technologies over the
years: as they become adopted by the business as kind of core
operational platforms, security then follows.
We've been in business for a little over four
years now, and we've been signing up customers ever since we opened our doors. So it's not that
people aren't paying attention. It's just that I think the market dynamics are now shifting where
people are spending more energy and focus on it because it has a much bigger impact on their
revenue and their bottom line. And when anything impacts your bottom line, you're going to say, how do we protect it and safeguard that?
And I think we've also seen some really high-profile incidents of hacks and breaches
and targeted campaigns against organizations across social.
But there is an interesting challenge here in that social media exists beyond the network perimeter,
meaning it exists beyond the ability, traditional ability, of security teams to see and manage and govern that interaction and that data flow.
So it's not that there's less attacks on social.
In fact, there's more attacks on social than on email or web platforms that are successful.
But we don't hear about them as much because, well, no one knew about them until they were already a problem, until the data was already exfiltrated.
And forensics is very hard because social media is a real-time kind of data platform. So going back in time is virtually impossible for
most IR teams. So it's really presented an unprotected and unsafeguarded vector for the
cyber criminals and the cyber adversaries to target our company through our weakest link,
which is our employees and our customers. And so, yeah, it's not that it's less prevalent than anything else.
It's just that it's less visible than everything else.
And the goal of ZeroFox is to obviously change that dynamic
and give the power back to the security teams through visibility and control.
So walk me through it.
What does a typical attack via social media look like?
There's a lot of different types of attacks, and there's a lot of different motives and goals,
end goals in the cyber adversaries playbook.
But there's one central and key component to almost every social media-based attack,
and that's a fraudulent, spoofed, or impersonated account.
This can be impersonating an executive of an organization.
It can be spoofing an organization's official
account, or it can be creating a fraudulent persona that doesn't necessarily impersonate
somebody, but pretends to be somebody that it's not. And on social media, there's this
interesting paradigm of trust that we have, which is one of the reasons that it's the best
spear phishing platform in the world. So you've got this launch platform, which is a profile, and that's the epicenter.
Now, once I have a profile and once I have a connection with you, I'm in your circle of trust.
And so now my ability to influence you to click a link,
my ability to influence you to elicit data and information is much, much higher.
I can also target customers and steal
customer data and business data. And so again, it really depends on my, my focus
as an adversary and what my tactic, my goal is. Obviously the end goal is
usually data, money, probably both of those two things, is that not number one
and number two. But if I target your customers, now I've introduced a whole
new risk for the business because not only am I trying to steal their PII, their customer data, steal their identities and sell it online by spoofing your
brand or your organization on social channels, but I'm also damaging your brand integrity. I'm
damaging your customer's trust in your organization.
What are you seeing as we're looking forward to
2017? What are some of the larger directions and trends that you're noticing, and how do you
feel that you fit into those?
That's a good question.
So one of the things that I like to talk about, and I may be overstepping here, but the death
of the CIO.
The CIO in his traditional capacity of technology availability and a support structure for all the other department heads and business
units is quickly becoming old school, is quickly becoming outdated.
Now, that's not to say that the CIOs are going away.
But what I really mean by that is the CMO can now be his own CIO.
The CFO can be his own CIO with cloud applications.
With the move to cloud services, SaaS model services, the most famous one is Salesforce.com
of course, we no longer need internal IT teams to build out and manage bespoke platforms
to accomplish a CRM goal, to accomplish a finance and accounting goal, to accomplish
a marketing goal. We can quickly pay somebody on a credit card for a couple hundred to a couple thousand dollars a month and stand up a platform that accomplishes all of these goals.
And so that introduces a big gap.
Because what the CIO provided was that oversight.
And the CIO typically had the CISO, Chief Information Security Officer, report to him.
What I'm seeing now is a rise to prominence of the CISO,
taking over that kind of enablement role from the CIO.
As the shared services are now cloud-based
and don't require that IT oversight and plumbing,
the CISO is now more important than ever,
and he provides the enablement
for the secure use of those cloud services, those shared platforms, those SaaS applications.
I see this in a lot of our customers. The CISO now has a board seat, or not a board seat, but
he is invited to the board meetings. He advises the CEO directly and oftentimes reports directly
to the CEO now bypassing the CIO if there
is still one at that organization. So I think security is going to take a front seat in the
boardroom and a front seat at the executive table, whereas in the past it's been the backseat. We've
always looked at IT spend and said, well, a fraction of that is security. I think we're going
to see that change. You're going to see that change.
You're going to see budget shift to cloud applications and cloud services. And you're
going to see more budget shifted and more resources shifted to security as data breaches
continue to grow, as the attack vectors continue to grow, as business continues to migrate to
social, mobile, and digital platforms. It's inevitable that a new way of thinking
about security and data protection
and individual user protection,
it's inevitable that that's going to be the dominating topic.
That's Evan Blair, CEO at ZeroFox.
Gabby Nizri is CEO at Ayehu.
He shared news of some of their new offerings at the conference,
along with the trends that he's seeing.
Here at RSA, we are launching our next generation
automation as a service platform. So for the first time, we basically present something that
will allow you to deliver services and automation
and capabilities that are actually consumed by mainly enterprises on-premise.
Now it will be available as a service.
And the ability for that platform to serve as a multi-purpose solution
for IT, security, cloud, IoT,
is something that nobody else is doing today.
So think about your organization
and the ability to deliver automation to the entire organization,
the siloed one.
So no matter you have application practices, infrastructure, security,
now they all can consume or even work together to build automation solutions for the entire
organization cross silos.
So with this new platform, we're going to target managed services mainly because they
are now being attracted by lots of the IT organizations who are outsourcing their infrastructure,
application, cloud practices.
And these days, they are also extending to the security.
I believe that managed services for us
is number one target market
where they can really benefit
from the value of the automation solution.
A, because they have army of people
who can really build automation practices around
all this kind of, you know, as I mentioned, IoT, cloud, infrastructure, application security,
and so on. So they can build their own IP on a platform. So they can leverage that and reuse the
automation pieces for customers across the globe. The second is the IT organization internally who are not outsourcing.
And this is where they can build their own automation practices and they can build operation
capabilities via automation for, again, for the infrastructure, for the application delivery,
and so on and so on.
And the same for cybersecurity, which is less mature,
but they are getting there.
So we believe that, you know,
since the IT is much more mature and progress
in how they leverage automation,
I think the security is a little bit far from that,
but it's getting there.
And so organizations that will adopt automation for their IT,
they will be able
to extend that to security from the same platform.
As you look around the show this year, what are
some of the themes that you see? What are some of the things that strike you or the direction that
cybersecurity is headed? So I think automation and orchestration is now a big buzzword.
I've been here a year ago, and it was noisy, but this year, it's already crowded.
There are tens of vendors who are coming with their promise of automation orchestration for cyber security.
And we see also how VCs are attracted by this market segment.
And so we see lots of investments in this area and lots of buzz.
And I think the noise is much greater than what the reality is really facing.
You know, CISO offices are really crowded with tons of tools.
And here another one.
And CISO are yet to figure out what they can do with that.
So I think it's number one theme that I see here.
And I think for us, it's great because it
raised the awareness of, you know, automation
and orchestration and how it is
important for security operations
to be able to scale their business.
Many people talk about the lack of
people that they can, you know, find and hire
for their security operations.
I believe it's true.
So it's really hard to find these guys who can manage SOC and 24 by 7 operations.
But I think it's important to understand that you need people also to deploy these tools.
And if they are too complex, coming with too much scripts inside,
you probably could fail.
If it's too close, like a black box, it's also limiting you,
so it's going to fail.
So I think you need to find something more flexible,
something that you can scale,
and something you can actually build your practices on top of.
Gabby Nizri from Ayehu.
We give the last word in our RSA Conference Review to Jason Porter,
Vice President of Security Solutions at AT&T.
It was really interesting this year.
I think it continues to evolve.
You know, having been a part of the security industry for a number of years, you know,
really the evolution is one of the most interesting things to me.
You know, you constantly see sort of new flashy technology, whether it's CASBs or next generation
firewalls or threat, you know, those have been
some of the themes of previous years. I thought, obviously, those were still present in this year's
RSA, heard a lot about IoT security, heard a lot about threat and new threat capabilities.
But I also think that the industry is maturing as a whole,
and you could see a lot of customers asking much deeper questions.
How am I going to operate this? How am I going to do this efficiently? operations and basics about how do you build that strategy given the multitude of opportunities
from a technical perspective.
So I was really encouraged by just the evolution of thinking around the practical nature of
solving security challenges.
And that's our CyberWire 2017 RSA Conference Special Edition.
Thanks to everyone who took the time out of their busy RSA Conference schedules to meet with us,
and thanks to you for listening.
The CyberWire podcast is produced by Pratt Street Media.
Our editor is John Petrik.
Our social media editor is Jennifer Eiben.
Technical editor is Chris Russell.
Executive editor is Peter Kilpe.
And I'm Dave Bittner.
Thanks for listening.