Q1. How have threats to OT and ICS environments evolved in recent years? What impact has pandemic-related business disruptions had on the environment?
The biggest fear we have consistently seen in OT environments is the fear from ShadowOT devices appearing that break the isolation and air gap strategy implemented in many OT environments. Many Covid-bubble working policies prevented maintenance engineers from being on-site to make changes inside specified time windows. As a result we have seen remotely accessible backdoors spring up in many OT networks, The Florida Water breach is a typical example where a remote access tool like TeamViewer is being used remotely, but is configured insecurely resulting in unauthorized access that could have poisoned the drinking water for thousands of people.
New devices with radio antennas are also popping up in abundance to presumably enable a remotely accessible maintenance path to the ICS systems, which again pose long term security concerns if no one knows about their existence.
Q2. What do you perceive as the biggest threats to enterprise IoT environments currently? What capabilities are organizations going to require in the years ahead to properly secure their IoT infrastructure?
The biggest threat to organizations with an IoT environment is failing to demonstrate appropriate and proportionate security controls that expose the organization to "serious blame" liability. In IT, organizations have had many years to assess and deploy security controls to mitigate risk. IoT for many, is a risk management blindspot and a hot topic for many cyber resilience frameworks that are adding IOT addendums to existing ones such as NIST and World Economic Forum.
Q3. What do you expect will be top of mind issues for your customers at Black Hat Asia 2022? What does Armis plan on highlighting at the event?
The macro environment for cyber professionals is fast changing. Recently we have seen a spike in ransomware attacks targeting critical infrastructure including hospital networks, rogue states challenging the cyber resilience of NATO members and groups attempting to siphon digital assets and data from a range of market participants. A multitude of bad actors are attacking the UK and the whole of EMEA on a daily basis.
We envisage that device, systems, and environmental security will be top of mind. We are seeing a wide range of IoT, IT, ICS, OT and IoMT devices being corrupted and utilized by foreign actors. Ensuring a firm is cyber secure and cyber resilient is top of mind. We will be showcasing how we have recently helped governmental and corporate entities from being attacked and allowed them to see all the assets in their environments. We will be sharing our latest research and findings on these topics.
Q1. Why has software composition analysis become so important for enterprise organizations? Is security the primary use case for it, or are there equally other important use cases for SCA?
Digital transformation is now on every company's agenda. As enterprises begin their digital transformation journeys, manual tracking of open-source code is no longer sufficient; it simply can't keep up with the sheer amount of open-source code being used to accelerate development. Development speeds in enterprises are skyrocketing due to the adoption of DevOps methodologies and organizations need security solutions that can maintain development velocity. Automation within SCA tools helps to achieve this.
Security remains the main driver for software composition analysis because cloud-native applications, as well as traditional applications, are becoming more complex in their nature.
Besides security, the other use case for software composition analysis is license compliance. There are many different types of open-source licenses each with its own benefits and limitations. Organizations need to be careful at using certain licenses that might violate their company's policies and break end-user agreements.
Q2. How have cloud adoption and microservices architectures complicated the secure code development challenges at enterprise organizations?
Security remains the main driver due to the fact that cloud-native applications as well as traditional applications are becoming more complex in their nature.
There are many moving parts in a distributed cloud native architecture, and as a result, the attack surface has increased. Also, as more and more cloud infrastructure is being codified and therefore automated, developers (who are not security experts) are maintaining these components, which can leave businesses exposed through weak links in the software supply chain.
Q3. What can customers expect from Snyk at Black Hat Asia 2022?
Developer-first security is our core. We are looking forward to sharing our developer-first security practices and industry insights on software supply chain security along with example use cases. Come visit us at Booth A01, talk to our experts and find out more about our Cloud Native Application Security platform and how we help other enterprise organizations achieve their DevSecOps goals.
