CyberWire Daily - RSA Special: Trade and Investment [Special Editions]
Episode Date: March 10, 2016RSA in an international conference, with attendees and exhibitors from around the world. Andy Williams is the UK Cyber Envoy. His mission at RSA was to spread the word about his nation’s significant... cyber capabilities, to help facilitate business relationships with companies in the US, and to promote the technologies that UK companies were showing at the conference. Telesoft Technologies is one of those companies, and Matthew George is their CTO. He’ll tell us about their effort to bring the speed of FPGA’s to the market. And finally, we’ll hear from Ezequiel Gutesman, Director of Research at Onapsis Research Labs. He’ll share the findings from a Poneman report on security within German software giants SAP's offerings. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. back. If you're not killing these people, then who is? That's what I want to know. Starring Kaley Cuoco and Chris Messina.
The only investigating I'm doing these days is
who shit their pants. Killer messaged
you yesterday? This is so dangerous. I gotta
get out of this. Based on a true story.
New season premieres Monday at 9 Eastern
and Pacific. Only on W.
Stream on Stack TV.
In a darkly comedic
look at motherhood and society's expectations,
Academy Award nominated Amy Adams stars as a passionate artist who puts her career on hold to stay home with her young son.
But her maternal instincts take a wild and surreal turn as she discovers the best, yet fiercest, part of herself.
Based on the acclaimed novel, Night Bitch is a thought-provoking and wickedly humorous film from Searchlight Pictures.
Stream Night Bitch January 24 only on Disney+.
In this CyberWire special report, we take a look back at RSA,
specifically at international opportunities for trade and investment in cybersecurity.
cybersecurity. I'm Dave Bittner in Baltimore with a CyberWire special report on trade and investment. It's Thursday, March 10, 2016, and thanks for joining us. We had occasion at RSA
to speak with representatives of several international firms and government trade
missions, some of the firms we've discussed in earlier posts. We offer a summary of our
conversations with three others in today's edition.
The United Kingdom was heavily represented at RSA, and we spoke at length with Andrew Williams,
their cyber envoy to the United States.
It's worth noting a few patterns in the UK's very active presence in the cybersecurity market.
The government has taken an active role in the incubation and promotion of cyber startups.
The government has taken an active role in the incubation and promotion of cyber startups.
There's an obvious alpha customer in the UK, and British universities are also making a substantial contribution to research and development.
We'll hear from Andrew Williams after the break.
We had an opportunity to visit the German pavilion as well, where we spoke with representatives of that country's Internet Industry Association. German firms exhibit a strong commitment to international business
and a sophisticated understanding of the agreements, policies, and regimes that shape it.
The well-established, if dismal, principle that living in a bad neighborhood
tends to produce innovative security products and technologies
was borne out by what we learned in conversations with representatives
from the Republic of Korea and Israel.
South Korean companies are fueled by the necessity of coping with essentially continuous cyber mischief from their northern neighbor on the peninsula.
We've been following developments there this week,
as South Korean intelligence services outline recent cyber espionage campaigns mounted by the DPRK,
and as the U.S. and the Republic of Korea move to make an already tight cooperative
relationship even closer. We spoke with Tyle Cho of the Korean Trade Investment Protection Agency.
He stressed the country's openness not only to exporting advanced technology,
but also to partnering with international businesses. We also note that the U.S.
Department of Commerce will be sending a trade mission to South Korea this May.
The mission will visit Japan and Taiwan as well. You can read about our discussions with Skate Offense, Fort Scale,
and Secto, all of which operate in Israel, in today's special RSA retrospective on our website,
thecyberwire.com. This podcast is made possible by the Economic Alliance of Greater Baltimore,
helping Maryland lead the nation in cybersecurity with a large, highly qualified workforce, 20,000 job openings, investment opportunities, and proximity to key buyers. Learn more at greaterbaltimore.org.
RSA is, of course, an international conference drawing attendees and exhibitors from around the world.
Andy Williams is the UK Cyber Envoy.
His mission at RSA was to spread the word about his nation's significant cyber capabilities,
to help facilitate business relationships with companies in the US, and to promote the technologies that UK companies were showing at the conference. Telesoft Technologies is one of those companies. Thank you. research at Onapsis Research Labs. He'll share the findings from a Poneman report on security
within Germany's SAP. First up is Andy Williams, cyber envoy from the UK.
We have a very strong position in the UK. I think the UK is generally recognized as one of the
top three leading countries in terms of providing cybersecurity capability globally. We have very
strong heritage in cybersecurity going back to the Second World War
and signals intelligence, and obviously a very strong collaborative relationship with the U.S.,
which is another reason why U.K. companies are interested to engage in the U.S. market.
The U.S. and U.K. have much in common, says Williams, making them a natural fit.
Actually, the U.K. is the most popular destination for U.S. cybersecurity companies
who are seeking to enter the European market,
for all the obvious reasons around common language,
similar business regulatory environment, etc.
About 80% of all U.S. companies that decide to enter the European market are originally set up in London.
And they find that a very business-friendly environment.
But also, there are already extremely strong links between the U.S. and the U.K.
So if you're a U.S. company that's been doing business successfully in the U.S.,
you're likely to have clients that have some kind of operational presence in the U.K. already.
Part of his team's responsibility is providing support for international companies that wish
to do business in the UK.
Yes, so particularly when you're entering a new market for the first time, building
relationships is fundamental.
So part of what the UK government does is help organizations that are coming in to understand
who they need to meet with
and what they need to know in order to accelerate the launch of their business in the UK.
We also help companies that set up in the UK that become incorporated as UK companies
to export to other European markets.
It's not only about helping them set up and establish in the UK,
but if they're targeting
mainland Europe or even the wider European Middle East and Africa market, we have people in country
that can help support them in those markets as well. Mr. Williams also shared his view on the
Safe Harbor Privacy Agreement. We're actually supportive of the idea that the Safe Harbor
Agreement needs to be developed and made more relevant for the environment that we're living in today.
More and more companies, particularly as cloud computing, for example, develops,
are needing to host customer data outside of the originating country.
And our view is that that is absolutely vital for the development of global commerce.
However, it needs to be done in a safe and secure way.
And obviously, the European Union
and some of the efforts that it currently has underway
will be effectively launching Safe Harbor Version 2,
which will have built into it
many more personal safeguards around how data is used,
how it's stored, how an individual has rights to understand how that data is being stored and used
in other countries, and we welcome that. He also highlighted some of the structural
differences between the way the U.S. and the U.K. handle governmental cybersecurity.
In the U.S. right now, you have the Department of Homeland Security,
which is an overarching agency.
We don't have currently an overarching agency,
so cyber is handled in a number of different ways in government.
However, we're about to launch the new UK cybersecurity strategy
in the next month or two,
and that's one of the aspects that we're currently addressing.
So we will be standing up a new national cybersecurity center
that will become a focal point for all of the government's cybersecurity activity in the UK,
looking fairly similar in shape to what the DHS does here in the US
as that overarching agency that supports the whole of government on cybersecurity.
The U.K. has substantial resources in place to help companies looking to explore the possibilities of doing business together.
We have a network of consulates all over the U.S.
I'm personally based in Washington, D.C., but we have consulates in about 20 regions of the U.S. with staff who are trained and knowledgeable about helping U.S. companies
even before they've decided to export on what they need to understand.
Once they've gone past that stage,
we can actually put them in touch with experts in the U.K.
that can help manage the process of setting up.
So, for example, finding partners
and being put in touch with professional services experts
that can handle the legal aspects of setting up in the country
and a raft of other services.
So that can be done both here in the US and also in the UK.
Telesoft Technologies is one of the companies that Andy Williams is promoting,
and Matthew George is their CTO.
They're a hardware company leveraging the speed of FPGAs,
Field Programmable Gate Arrays.
We've been about for 25 years.
We've come from the CSP and secure government sort of sector, traditionally kind of looking at telephony and signal processing. And more recently, we've
swung over to try and leverage that technology with a view to process packets and accelerate
applications running on commodity hardware, with a view to helping people achieve total network visibility
with a goal to improving their incident response.
Telesoft uses the hardware of FPGAs to accelerate processes that traditionally ran in software.
If you were to ask me, you know, kind of, what's at the core of Telesoft technology,
there's a bunch of very clever guys coding VHDL
and creating FPGA binary images that we use,
and we custom those images to accelerate applications.
So things like Bro, Suricata,
things that integrate with Splunk
and other kind of seams and things like that.
To give these incident response teams a real kind of leg up
to help them look at the internal traffic within their network.
A lot of these security teams, they have really good kind of protection
at the boundary of their network,
but quite often the interior of their network is, A, kind of much higher throughput,
so a lot more packets flying around.
It's harder for them to get a grasp
on what's going on within that network.
So we've chosen to accelerate open-source applications
because they present less of a monolithic black box product
for people to get their heads around.
So people might be taking perimeter kit from kind of FireEye or Palo Alto, whoever. But really, when you've got
these dedicated teams working full time to look at data within their network and respond
to incidents and work out root causes, etc., they really need a product that they can get
their heads around, maybe talk to the development team,
you know, that sort of level of involvement. According to Matthew George, the advantages
of using hardware over software are speed and scalability. When you want to scale to extreme
data rates, and typically when you're looking inside your network, your traffic is going to be,
you know, an order of magnitude bigger than your perimeter traffic. So at that point, will software
scale? Maybe. Can you run DPI on 100 gig of
traffic and software? That's going to be a real challenge.
Can you produce unsampled net flow on 100 gig of data?
Again, that's going to be a real challenge if you're just using software.
So I think the power of FPGA is its ability to process every packet at line rate.
You can't sample. You have to look at every packet.
And that's where FPGAs come into their own.
You're coming straight off the wire, straight into an FPGA,
and then we're passing the packets up to software,
but we're adding a real kind of, you know,
kick in the pants from a performance perspective.
You can learn more about Telesoft at telesoft-technologies.com.
Onapsis Research Labs sell a security platform that works with products from German business software giant SAP.
Ezekiel Guttisman is director of research at Onapsis,
and they sponsored a Ponemon Institute research survey on SAP cybersecurity.
Well, basically we interviewed more than 600 IT practitioners
and we came up with really interesting numbers.
The most interesting things came up when most of the interviewed people
really understood that they have had a problem and lack of visibility in Terraform's SAP security.
They really don't know how to tackle that of visibility in Terraform's SAP security.
They really don't know how to tackle that.
The patching windows for SAP systems are huge.
So you're facing the problem of deciding when to apply a patch. And sometimes we had customers that couldn't apply that patch for eight months since the patch was available.
So basically, since the moment we discovered our vulnerability,
So basically, since the moment we discovered our vulnerability, there have been some cases where 12 or 24 months in some cases of exposure were there. So what we try to do is reduce that window and give visibility to the people responsible for the security.
Also, from the report, there's no clear ownership who owned the SAP security, whether it was the IT security teams or the SAP application teams.
Also, part of our work is bringing those teams together and give them the information they need and what they need to patch, help them prioritize and plan their security practice.
The study found that in many companies, there was a knowledge gap at the executive level. Most of the data here expresses that people, the senior management doesn't really know.
For example, there's a question where our senior leadership knows what data resides
in our company SAP systems. Only 23% said that they did. And that's a surprise because
SAP systems are responsible for carrying all the business information, financial, and integrations with financial endpoints.
And then the lack of visibility they have for the security of those platforms.
Since a few years ago, you would ask about SAP security, and they would say, well, but that's in our internal network.
But nowadays, there's no such thing as the internal network.
They are interconnected with mobile devices
and external applications and external services.
So you really need to have a fresh look
at how SAP security is evolving.
The speed in which vulnerabilities are discovered
is way faster than the speed that customers can patch.
You can read the complete Poneman report on security within SAP systems at onapsis.com.
And that wraps up our RSA 2016 special coverage.
Thanks again to everyone who visited us at our booth
and helped us spread the word about the CyberWire and the CyberWire podcast.
We're growing like gangbusters and we couldn't do it without you.
So thanks.
The Cyber Wire is a production of CyberPoint International
and our editor is John Petrick.
I'm Dave Bittner.
Thanks for listening.
Cyber threats are evolving every second and staying ahead is more than just a challenge. Thank you. designed to give you total control, stopping unauthorized applications, securing sensitive
data and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company
safe and compliant.