Interviews | May 18, 2018

Black Hat USA Platinum Sponsor Interviews: Bomgar, F5 Networks, Optiv, Spirent, and ZeroFOX


Matt Dircks

Matt Dircks
CEO
Bomgar

Bomgar

Q1. A large number of data breaches these days are linked to vulnerabilities caused by third parties operating with an organization's internal network. What is it that organizations need to understand about the nature and scope of the threat and how to mitigate it?

In April we released our 2018 Privileged Access Threat Report which surveyed more than 1000 IT professionals in four different countries. It revealed that most breaches are linked to vulnerabilities caused by staff or third-party vendors operating within an organization's own network. In fact, the report showed that 50% of organizations claimed to have suffered a serious information security breach, or expect to do so in the next six months, due to third-party and insider threats. Poor password hygiene – such as writing down passwords or sharing passwords – was identified as one of the primary causes of these breaches.

The lesson here is that organizations need to understand that the way to mitigate risk is by controlling privileged access to sensitive systems and applications through technology and automated processes that not only save time, but also provide visibility across the network. Our Privileged Access Threat Report provides supporting evidence for this position. The report revealed that organizations using automated privileged access management technology experienced far fewer breaches than those that did not.

Q2. Why did Bomgar acquire Lieberman and how will the purchase help customers?

With the acquisition of Lieberman Software, Bomgar is now offering best-of-breed privileged access management (PAM) and privileged identity management (PIM) technology through a single vendor. That means we're positioned to deliver even more value to customers than each company was already delivering individually.

Remote access is the most common attack pathway for hackers, and the majority of data breaches involve stolen privileged credentials. The combination of Bomgar and Lieberman Software is helping our customers proactively address both of these threats. We now have the most comprehensive approach to securing access to critical systems while ensuring that the credentials to those critical systems are actively managed and protected.

Bomgar already excelled in privileged access and session management solutions. By acquiring Lieberman Software we added advanced technology to automatically discover and secure privileged credentials while simultaneously identifying and neutralizing attacks. This is a true defense-in-depth solution.

Q3. What is your focus going to be at Black Hat USA 2018? What is your main messaging at the event?

One of our major themes at this year's Black Hat involves the rapid pace of change with which today's organizations must deal. This could be changes in IT staff, changes in regulatory compliance requirements, or changes in the IT infrastructure as systems, devices, and applications continuously come on or off the network. It could also be defending against new cyber threats that are constantly emerging and evolving - whether they're from internal or external sources.

At Bomgar we believe that staying ahead of all these changes can only be accomplished with automated technologies that can operate much more quickly than manual processes. An example of this is how we help our customers automate the lifecycle of their privileged identities for administrative access. That means throwing out the traditional concept of having people change privileged passwords. Instead, our customers use our privileged identity management technology to continuously update all their privileged credentials throughout the enterprise. This keeps our customers one step ahead of the advanced cyberattacks that seek out these powerful credentials to gain the access they need. Our customers are constantly bombarded with changing cyberattacks. We help them adapt their defenses to these attacks at speed and scale.


Ram Krishnan

Ram Krishnan
Senior VP, GM Security
F5 Networks

F5 Networks

Q1. You were recently appointed senior vice president, and general manager of security at F5. What is your immediate mission at the company?

It's been a whirlwind first few months. My first priority has been to meet and listen – to our customers, partners, F5 internal teams and others. I wanted to hear about the challenges, opportunities, and barriers each of them faced. I heard over and over about the importance of applications, as both vehicles for digital transformation and business growth, as well as – unfortunately – a vector for increasingly sophisticated attacks. In fact, recent research from our F5 Labs team shows that applications and identities are the target in 86% of breaches.

F5's approach is grounded in helping customers get the most out of their applications while providing cutting-edge protection in an ever-changing threat landscape. Last month, we launched our Advanced WAF solution, the newest part of our industry-leading WAF portfolio, and a major update to DDoS Hybrid Defender. Together, these represent a significant step in the evolution of our family of dedicated security products that are built to provide security teams with solutions that address their unique needs, getting them the information they need to know, when they need to know it, so they can to take necessary actions.

Q2. Talk to us about F5 Networks' new Super-NetOps initiative. What exactly is the initiative about and what specific issue is it aimed at addressing?

The Super-NetOps initiative is aimed at bringing together IT and developers to evolve critical expertise into the modern, automated, DevOps driven culture of many of today's IT organizations. The mission of the Super-NetOps program is to help IT operations professionals by providing the skills necessary to standardize critical application services, including security, and provide them within automated toolchains. This will enable teams to reduce time to service from days to minutes, while ensuring all applications have necessary compliance, policy and performance standards.

The initiative currently includes a free, on-demand training program that augments the reach of live trainings delivered all over the world. The training course has two modules covering DevOps methodologies and the concepts of automation, orchestration, and infrastructure-as-code.

In keeping with DevOps, we are constantly augmenting and improving our products to enable the security component (SecDevOps) to create security infrastructure as code as well. In order to guide our security customers through this transition, we will add security-specific features and examples to the curriculum. The training will explain specifically how DevSecOps can incorporate F5 security systems into the automated deployment systems (CI/CD). The curriculum will also evolve to address other fundamental topics such as agile methodologies, application language frameworks, and third-party automation toolchain enablement.

Q3. What do you want attendees at Black Hat USA 2018 to know about how F5 Networks is evolving its products and technologies to address their ever changing needs?

F5 has been delivering security products for years. Our unique place in the network – sitting at the intersection of all application traffic in and out of the organization – has given us the insight and ability to apply critical security capabilities, such as WAF, DDoS prevention and access management in a superior manner. Our dedicated security products aim to extend that expertise, and what we know about applications, to directly service the needs of the security team.

You will continue to see us roll out more products and more capabilities that help customers protect their most valuable assets - applications and data - in a multi-cloud world. This includes a broad range of form factors, platforms and consumptions models, from standalone hardware to software, to managed services. Our goal is to provide industry-leading protection for every application, anywhere.

In addition, we created our F5 Labs team a few years ago to enhance the discussion of threat intelligence in today's application-centric world through a diverse set of perspectives and data sources. Our F5 Labs team today combines the expertise of our security researchers with threat intelligence data to provide actionable, global intelligence on the "who, what, when, where, why and how" of cyber threats—and to identify future trends.


Peter Evans

Peter Evans
CMO
Optiv

Stu Solomon

Stu Solomon
Chief Technology and Strategy Officer
Optiv

Optiv

Q1. Peter, what is Optiv's Secure Data Reference Architecture about? How does it benefit customers?

SecureData@Optiv is a reference architecture that provides a programmatic approach for rapid deployment of a secure data lake. It harnesses vast amounts of data from security infrastructure, intelligence feeds and other information sources, and runs analytics for a number of security functions, delivering actionable, and prioritized intelligence. This approach further automates security operations, increasing response time, further maximizing the value of security program investments, and optimizing security program costs.

SecureData@Optiv is based on system design and vendor components that have been proven in multiple client environments. One example: a large healthcare provider recently partnered with us to build and deploy a secure data lake. We developed and implemented a comprehensive secure data solution tailored to the client's needs through identification of common use case patterns. Our solution lowered the barrier to entry by providing open source software proof of concept, augmented in-house data scientists/analytic developers, and deployed hundreds of fully configured nodes in minutes. The partnership produced competitive advantage for this client, decreasing incident response time from an average of two to four hours down to 12 minutes, and providing average monthly savings of $100,000 - $400,000 as a result of simplified fraud detection analytics. These are just a few ways we think SecureData@Optiv will provide value for our clients and we're thrilled to be offering it.

Q2. Stu, as the new/first chief technology and strategy office at Optiv what are your marching orders? What's your immediate focus?

Optiv has been building integrated solutions based on reference architectures to address the most pressing and compelling security program gaps. By reference architectures, it is important to understand that we are not just talking about a "component diagram." A reference architectures is as much an opinion--one based on working with thousands of customers around the world to solve their most complex security problems--as it is the intellectual property, interfaces, API's, business processes, and implementation nuances to bring together these solutions to match each customers unique needs. In my role, my primary focus is to further accelerate the process within Optiv for development of these solutions, to advance how we work with partners to bring together innovation in a comprehensive manner, and to work with Peter and others within Optiv to bring these solutions to market.

Q3. Peter, how is Optiv leveraging its acquisitions of Decision Lab and Conexys to benefit customers?

"Big data" has become a dominant force in the modern business landscape. As security experts, we recognize big data has an even larger role when it comes to cybersecurity. Organizations, especially large enterprises, are generating more and more security data every day, not only from security tools, but also from all points of knowledge in the enterprise. This makes it an increasingly strategic imperative for businesses to get more value out of these data assets. Companies need help making sense of the overwhelming amount of data they have and determining how this data can improve their security programs in the most cost-effective way. Decision Lab and Conexsys' stellar reputations and maturity of their big data and analytics capabilities is unparalleled in the industry. We believe the combination of their unique expertise with Optiv's cyber security solutions and experience will help our clients get clarity from their complex security data and determine how to maximize the value of that information.

Q4. Stu, why is it important for Optiv to be at Black Hat USA 2018?

Black Hat is one of the premier shows in the industry and our expanded presence this year is a reflection of our [accelerated growth] as an SSI and the industries need for a new perspective on solving security issues. Further, as we expand internationally in order to serve our clients across the globe – which takes on even more importance as GDPR looms large – it is vital we are on the cutting edge of the latest and greatest research and developments in cyber security. Those types of developments happen at Black Hat in large part because it is such an international event, drawing attendees from every corner of the globe. Every year, Optiv looks forward to this event and we're thrilled to be involved again in 2018.


Eric Hutchinson

Eric Hutchinson
CEO
Spirent

John Weinschenk

John Weinschenk
GM for Applications & Security
Spirent

Spirent

Q1. Eric, Spirent has traditionally focused on network equipment manufacturers and service providers. Tell us a little bit about Spirent's strategy and its key areas of focus in security sector.

Security has been a part of Spirent's testing solutions for many years. As our world becomes more connected, the points of compromise have increased. However, Spirent is well positioned to help our customers navigate the complexity of risk mitigation. Security solutions layer seamlessly onto our rich history of testing networks, mobility, and GNSS giving our customers insight into reliability, scalability, performance and security posture from a single vendor. Our traditional business has focused on network equipment manufacturers and service providers. The key areas for focus with our security strategy is to help our customers with security compliance regulations, provide integrated performance and security intelligence, and support our customers from tactical remediation up to the board level discussions of security strategy and how it relates to corporate initiatives.

Q2. John, what security, privacy and safety challenges does the emergence of an increasingly connected world pose for enterprises? How are you helping customers address some of those issues?

Our increasingly connected world has increased the expectations for high availability and easily accessible information. Enterprises are challenged with meeting the demands of customers, while also proactively addressing security concerns, which is largely reliant on getting intelligence in a consumable manner to quickly address remediation. Spirent understands the complexities of the connected world from traditional, Wi-Fi and mobile networks to GNSS and positioning. We are able to leverage our rich expertise in all things connected to provide technology and security services to help our meet the most demanding compliance standards and proactively address cyberthreats. With Spirent on their side, our clients are able to fully leverage technology advances such as IoT, mobility and cloud, while delivering on their promise to their own customers of consistently secure interactions.

Q3. Eric, what impact is the GDPR and regulations in general having on demand for Spirent's range of services? How is Spirent positioned to help customers comply with regulatory requirements?

As a UK based company, we are quite familiar with GDPR. Our SecurityLabs services team helps customers with traditional compliance regulations as well as emerging ones such as GDPR where we address Incident Response Readiness Assessments and penetration testing.

Spirent is a global organization with a strong presence in major global markets, which gives us hands on insights to the global and regional security demand of our customers. GDPR specifically continues the global conversation of data protection and security, similarly to CREST. As the connected world becomes more complex we believe that global standards will make our borderless cyber world a safe and secure place to communicate and do business.

Q4. John, what is Spirent's main message at Black Hat USA 2018? What are you hoping attendees will learn about Spirent at the show?

Security concerns extend well beyond compliance, and every executive within an organization is discussing security impacts to their business initiatives. Spirent gives our customers correlated information on performance, stability and security, reducing the manual effort to consolidate information from multiple vendors.

Spirent's breadth of solutions supports both development, pre-production and production teams. For attendees that visit Spirent at Black Hat, we hope they will challenge our security experts with complex security concerns and are confident with our ability to help customers navigate our connected world with speed and security once speaking with us.


James C. Foster

James C. Foster
CEO
ZeroFOX

ZeroFOX

Q1. Forrester has described ZeroFOX as a leader in the Digital Risk Monitoring space. What exactly does digital risk monitoring involve and what do enterprises need to understand about the need for it?

Digital Risk Monitoring (recently updated to Digital Risk Protection by Forrester) is the process of identifying and remediating security, brand and business risks on external channels, such as social media, mobile app stores, the deep and dark web, domains and more. It is a novel challenge for information security teams as all the risks occur outside the firewall, and with so many accounts operated by employees, executives, brands and other stakeholders, the attack surface has never been broader.

Although the risks are similar to other communication channels like email spear phishing, malware delivery, spoofing, account hijacking, customer scams and data loss, security teams do not own the data on social and digital channels. Thus it is all ungoverned and uncontrolled. Digital Risk Protection is the process of putting security controls and visibility around these new business communication tools.

Organizations need to understand that attackers have long understood that social media and digital channels give them unprecedented scale, anonymity, and ease of use when it comes to acquiring and engaging targets. Many organizations simply don't understand how much being damage is done because they have no visibility. It is up to the organizations and individuals themselves to identify and report this malicious activity.

Q2. You have a pretty bleak outlook on the potential for social media platforms to be misused for all kinds of malicious activity in the future. What are your biggest fears in this regard?

For the most part, social platforms view themselves as agnostic tools—agents of free speech. Malicious actors quickly realized that they were valuable assets. Of course, social networks don't approve of this exploitation of their platforms, and they have Terms of Service in place to outlaw certain activities, including pornography, terrorism, fraudulent accounts, trafficking, and more. However, the networks rely on their community to report malicious behavior for removal, and as such, the onus for finding the content is on the individual or brand implicated in the issue. This is a good thing, because it allows security, brand and risk teams to take actions into their own hands and develop organization-specific rules and regulations.

With this in mind, our biggest fear is that organizations fail to live up to this task, and the returns on malicious activity continue to pay. It won't take much for social networks to become too difficult to exploit, thereby forcing adversaries to change their behavior or abandon their aims. As long as there are conduits for malicious activity, malicious activity will thrive. The goal for the security community must be working with social networks to raise the cost of exploiting these channels to the extent that they are not worth it for the attacker. Hitting this threshold is critical.

Q3. What do you want attendees at Black Hat USA 2018 to know about your company and its offerings?

For anyone paying attention to the headlines in the past 6-12 months, you'll know that social media security and the exploitation of social networks has reached critical levels. We expect this to get worse before it gets better. As long as Russian propagandists, cyber criminals, fraudsters and scammers have these free, easy to use, scalable tools a their fingertips, they will continue to exploit them successfully.

ZeroFOX was built to give organizations the visibility and control over social media and digital channels that they need. Using diverse data sources and artificial intelligence-based analysis, the ZeroFOX Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more.

ZeroFOX technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, HipChat, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains and more. Our mission is to make social media, undisputedly one of the biggest boons to modern organizations in recent history, safe for everyone.

Sustaining Partners