Interviews | February 23, 2018

Black Hat Global Partner Interviews: HackerOne, Illumio and ZeroFOX

Alex Rice
Chief Technical Officer and Co-founder


Q: What's driving the growing enterprise interest in managed bug bounty platforms like HackerOne? What's the biggest benefit of such programs for them?

Security vulnerabilities are inevitable. So long as [humans produce] technology it will always contain flaws with potential security implications. Working with the hacker community is a proven way to find vulnerabilities your team may have missed. HackerOne's customers have found more than 64,000 valid security vulnerabilities to date. Organizations like Google, Facebook, Microsoft, the Singapore Ministry of Defense, Zomato, General Motors, GitHub, Nintendo, and Qualcomm work with hackers because they help identify unknown vulnerabilities fast.

Q: What do you see as some of the biggest changes happening in the ethical hacking realm at the moment? How do you see your services/platform evolving over time?

When a vulnerability is found, it needs to get into the right hands quickly. This is the only way to ensure it will be resolved safely without public harm. In 2017, HackerOne looked at the Forbes Global 2000 and found that only 94% had a way for ethical hackers to safely report a security vulnerability. With this increased popularity of ethical hacking, we are seeing more organizations publish what is known as a vulnerability disclosure, or responsible disclosure policy that makes it easy for someone outside of your organization to safely report security issues. It's in our collective best interest to help friendly hackers be able to disclose vulnerabilities to any organization.

HackerOne is always investing in improving the platform for both our hackers and customers. For customers, we are investing in maintaining the highest signal-to-noise ratio in the industry. While we know that eliminating all noise is improbable, we aim to target 90% signal - a standard that hasn't been seen in our industry. With platform features and HackerOne's managed programs, we want to make it easy for customers to identify the critical vulnerabilities faster.

We are always looking at how we can reward hackers faster, help them improve their skills with initiatives like our free Hacker101 training course, and offer even more relevant programs to hack on.

Q: HackerOne is a Global Partner at Black Hat Asia 2018. Why is it important for your organization to be at the show? What's HackerOne's main focus going to be at the event?

Black Hat events bring together members of the security community to have conversations about what is working and the challenges we are all facing. Hackers from the community in India, Hong Kong and China are among the most successful on the HackerOne platform, according to The 2018 Hacker Report. We sponsor Black Hat Asia to support the groundbreaking security research and defensive techniques presented by the community.

PJ Kirner
Chief Technical Officer


Q: Talk to us about Illumio's adaptive micro-segmentation technology. What exactly is it and what specific enterprise security need or issue does it help address?

Application environments have become more virtualized, dynamic, and distributed, making it easier for bad actors to gain access to applications and data. The Illumio Adaptive Security Platform prevents the spread of cyber threats inside data centers and clouds by effectively creating 'watertight' compartments with adaptive micro-segmentation to prevent these bad actors from accessing, corrupting, or stealing sensitive information.

There are so many reactive security solutions that tell you when you've been breached and what happened after the fact. Despite the renewed focus and investment in security over the past few years, high-profile breaches are still pretty common. What's really needed is a proactive approach to prevent breaches in the first place. This is where micro-segmentation comes in. We see it becoming increasingly foundational security infrastructure and our customers see it as something they need to have in place as a core part of their security program.

One key advantage of Illumio is that we're not tied to infrastructure like network and hypervisor-based solutions. We secure workloads running anywhere on anything, including bare-metal, virtualized servers, and containerized environments in private data centers or clouds. Many customers have come to us because they have a mix of platforms running across various infrastructure and no other solution could help them.

Our whitelist-based policy model is also unique in that it's tied to the labels we use to classify workloads. Our policies are very human readable, making it easy for anyone in the organization to write and understand, yet extremely powerful. For example, one customer replaced 15,000 firewall rules with just 40 Illumio policies.

An important insight we learned early from our customers is that success with micro-segmentation requires real-time application dependency mapping combined with enforcement. The two are tightly coupled with Illumio and have allowed our customers to achieve segmentation goals quickly.

Q: What are some of the different ways that enterprises are using the Illumio Adaptive Security Platform?

We have customers protecting environments of all sizes, from under 100 workloads to upwards of 50,000. Size isn't a factor. It's all about how critical those environments are to the business.

All customers start with our real-time application dependency map. You really have to see and understand the dependencies and what's connected. Most customers either haven't had this view before or ran an application dependency mapping exercise that quickly became out of date as soon as the project ended.

With an understanding of application dependencies, customers can focus on improving protection for their high-value applications by ring-fencing them with micro-segmentation.

These applications can be in private data centers or public cloud and we're seeing more hybrid cloud and multi-cloud deployments, too. Customers realize it's difficult to protect these environments with traditional solutions and network or hypervisor-based approaches.

We also see many financial services and healthcare customers driven by compliance or regulatory requirements like PCI, SWIFT, and HITRUST. GDPR is a big driver, too. Each requires that you isolate or segment off entire environments to meet compliance goals. Not being able to do this could result in penalties or make it difficult to do business.

Some customers are also driven by internal audit requirements which map back to customer commitments. Think about SaaS providers, legal firms, and financial services companies that provide services and host a lot of sensitive customer data. They have to ensure that [only those who need to access data] should access it. They also need to be able to ensure data and environments don't mix.

Again, to do any of this, you really need the visibility of a real-time application dependency map. Without visibility, you don't know what's connected and how things are communicating. You need that understanding to create the right policies.

Q: Illumio is a Global Partner at Black Hat Asia 2018. How are you planning on using your presence at the event? What is your main messaging going to be?

This is our first big show in Asia, so part of our presence will be introducing Illumio to the region. We'll be talking about how we can help improve security and stop threats from spreading across application environments. Unauthorized movement across application environments coming from either internal or external threats is a big common concern.

We tend to have quite a presence at these shows, with a live theater-style demo being the centerpiece of our booth on the show floor. Our demo shows what the product is all about and what it can do. Since it's live, we take lots of questions and sometimes that ends up driving where the demo goes. It makes these shows a lot of fun and keeps us on our feet, too.

James Foster
Chief Executive Officer


Q: ZeroFOX has raised $100 million in investor funding. What's driving that interest from investors? Are you considering an IPO like some have speculated?

Investors recognize that every company, regardless of size, vertical or geography, is affected by critical risks on social media. The attack surface has fundamentally changed when it comes to business communication, employee communication and the need for security, visibility and control around those new communication platforms. For an attacker, the process of profiling and attacking a target has never been easier; all of that information is now available online. Best of all, attackers can create fake accounts, target any employee and deliver an attack without ever touching the firewall or triggering an alarm.

Investors understand both that every modern organization is at risk and that these new challenges require a new breed of intelligent security solutions. Simply put, ZeroFOX is delivering the best-in-class technology to secure organizations across their biggest blind spot: social media and digital channels. In short, the opportunity to help customers is massive and our investors recognize it.

Q: What do organizations need to understand about the nature of threats they face across social media platforms? How does your technology help address those risks?

Risks across social media are diverse. Much of the risk is the same types of attacks businesses have been dealing with for decades, now just with a scalable, easy-to-use, highly efficient new platform: spear phishing, malware delivery, customer scams, spoofing, executive threats, data loss, insider threats and more. Attackers can also engage in new activities, such as account hijacking, which is an increasingly popular and damaging tactic. Addressing these threats requires a respect for the dynamic data that composes social media. Ingesting and analyzing this data is difficult, and the attacks change quickly in the social media landscape. Our technology applies data science and automation techniques to address this diversity of threats. However, identifying risks is not enough, and we work with our customers and the social networks to remediate threats, ensuring our customers are taking meaningful control of their social media exposure.

Q: What do you want people attending Black Hat Asia 2018 to take away from ZeroFOX's presence at the event? What do you want them to learn about the company and its vision?

The attack landscape has fundamentally changed, and the perimeter is deteriorating rapidly. This has been occurring for several years with innovations in mobile and IoT, but social media is the nail in the coffin for the old framework of how businesses secure themselves. Security teams have no choice but to look outward to identify threats. When the business and every employee spend more time on ungoverned, external channels, security teams can no longer wait for the threats to come to them. ZeroFOX is working to shift the paradigm to help modern security teams address the realities of the attack landscape, using automation and data science to tackle new threats.
