Interviews | June 12, 2014

Black Hat Sponsor Interviews: Cisco, Palo Alto, Core Security and Juniper Networks

Matt Watchinski

Matt Watchinski, Senior Director, Security Business Group discusses the company's Advanced Malware Protection and the growth of the industry in the last fifteen years.


Your Advanced Malware Protection was ranked one of the top breach detection systems by NSS Labs. What sets Cisco security products apart?

Matt Watchinski: We take a realistic approach to the threat landscape. Malware is stealthy. It is designed to evade defenses like antivirus or even more recently developed sandboxes. Realistically, we know that getting hit is not a matter of if, but when. What is more, we have more to protect than ever – extended networks of endpoints, cloud, mobile, virtual and traditional networks. And we must do this across the entire attack continuum — before and during and after attacks.

To do that, we need two pieces: leading malware detection rates, for which our Advanced Malware Protection was named a leader in the recent the NSS Labs test you mention, coupled with retrospective security that can "go back in time," so to speak, if need be.

In terms of detection rates -- effective detection rates are tied to applying "big intelligence" to catching threats. This means using big data systems and analytics that are fed with robust telemetry streams, for example, the 93 billion daily emails we see. Big data systems analyze these streams to produce "big intelligence" in our security cloud that immediately protects against threats across all control points from the networks to mobile to cloud. The NSS Labs test was definitely a validation of our approach to combating advanced malware.

Post Heartbleed, what do you see as the future security challenges, and how is Cisco positioning themselves to deal with them?

Matt Watchinski: Just as Conficker still exists almost seven years after its release, Heartbleed will continue to exist. The number of Internet-accessible systems will decrease quickly, while the number of vulnerable internal systems will take longer to identify and address. This could allow sophisticated attackers to move laterally in a network, and use Heartbleed to steal credentials or other sensitive information from internal business systems. Cisco will continue to focus on providing the right technologies across the attack continuum. This includes supporting our customers with timely software patches, external threat awareness, and internal network monitoring.

You'll be at Black Hat USA. What are you excited about at the show, and how can companies connect with you there?

Matt Watchinski: Over the last 15 years it's been fascinating to watch how the community has grown, changed in some ways, and not changed in others. For me, Black Hat has always been about building relationships with other like-minded individuals in the community, and learning about new and interesting skills and techniques. So when it comes to what excites me about Black Hat this year, it's the opportunity to renew old relationships and build new ones within the community that is Black Hat. While the technical content is always top notch and I'm sure I will learn something new and interesting, everyone should remember that if you pass up the opportunity to build relationships and meet new people your takeaway from Black Hat won't be maximized.

As for how people can find me. I'll be at the Aurora bar at Luxor if I'm not in the technical briefings or at the Cisco booth. So feel free to stop by, have a drink, and start a conversation.

Raj Shah

Raj Shah, Senior Director, Cybersecurity talks about the company's recent acquisition of Cyvera, and their Platinum Plus sponsorship of Black Hat USA.

Palo Alto Networks

You recently acquired Cyvera. Can you describe how your company's work synergizes, and what it means for end users?

Raj Shah: In the face of today's advanced cyber threats that rely on multiple mechanisms to penetrate an organization and access your highly sensitive data, organizations are getting frustrated with the multitude of point security products that operate in silos, perform only discrete security functions and often create extraneous management headaches. The bigger cost: cobbling together a patchwork of point products ultimately leaves enterprises vulnerable to cyber threats. What's needed is an integrated platform where new capabilities work seamlessly together to effectively reduce enterprise risk. Combing the endpoint with the network is essential to build that goal. After looking at many companies, Cyvera stood out as the one company taking a radical approach to preventing zero-day attacks rather than merely detecting them on the endpoint. By focusing in on the limited number of exploitation techniques a piece of malware can utilize, they are capable of stopping zero-day attacks where both the malware and vulnerability are previous unknown. Over the next few months we will be integrating their technology into our platform and are excited to then deliver this important protection capability to our customers.

The Heartbleed vulnerability continues to reverberate through the security industry, but what do you see as the next challenges that will face the community?

Raj Shah: While the community has made great strides in patching public facing website, internal applications will take far longer to update as security teams must invest significant time to evaluate and remedy those custom services. Longer term, I believe one of the great challenges we must overcome as a community is to enact a deep level of information sharing. Liability concerns, vendor equities, data protection, and public-private partnerships are some of the key impediments to broad and timely sharing of threat intelligence data. However, unless we solve this issue, we are forced to continue to defend against the adversary as individuals. Only by banding together – much like elephants circling to defend themselves from lions – can we make serious strides towards realizing a strong community-wide security posture.

Palo Alto Networks is supporting Black Hat USA as a Platinum Plus Sponsor. What are you excited for at the show, and how can readers connect with you there?

Raj Shah: Black Hat is one of the premier conferences in the world focused on Cybersecurity. We're excited to connect with so many of our loyal customers, contribute to the conversation on improved security, and generally be engaged with the community. We have many ways for folks to connect with us: come listen to our session Wednesday, August 5 at 11:45 AM to 12:45 PM in the Business Hall, visit the booth #227 for a demo, or schedule time to sit with us and share your perspectives.

Mark Hatton Core

Mark Hatton, CEO of Core Security argues for companies being more pro-active in discovering security vulnerabilities, and describes the company's partner program.

You've been growing the Core Security Partner Program extensively recently. Can you discuss the program--its benefits and how companies can either take advantage of it or become a partner?

Mark Hatton: We continue to build new partnerships and expand existing relationships. Our Core Secured Partner Program now includes more than 50 partners from the U.S., Europe and Latin America. These partners drive a significant portion of our global bookings, and are a key to the company's ongoing growth. We are seeing traction with both large security vendors as well as smaller regional service providers with specific industry expertise and geographic presence.

Our partner relationships are mutually beneficial: we enable our partners to complement their portfolio offerings with our Attack Intelligence solutions and they extend our reach into their customer base, region and/or industry. We were honored to have the Core Secured partner program recognized as a 5-star channel program by the CRN Partner Program Guide. For more information, please send an email to

You are personally a proponent of companies being pro-active in discovering security vulnerabilities rather than developing purely defensively. How does Core Security embody that?

Mark Hatton: Information security organizations are often "playing defense" with their security, preparing to respond to the inevitable attack as quickly as possible. When hackers dictate the rules of engagement, security teams are naturally put on the defensive.

Core has been encouraging our customers to start thinking more like the attacker. Security teams that take this more are constantly evaluating their environment through the same lens that the hackers use to harm them.

Core believes that companies should use the information available to them to identify and close potential exposures to avoid attacks before they happen. Our Attack Intelligence solutions help customers do just that. By pro-actively looking for attack paths and exploitable vulnerabilities in an environment, companies can address them before the attacker can take advantage of them.

You'll be at Black Hat USA. What are you excited for at the show, and how can interested attendees connect with you?

Mark Hatton: This show has always been a very important one for Core and we're looking forward to another great event this year. We're very excited to unveil the latest version of our "Attack Intelligence" platform and demonstrate how Core is helping customers to dramatically improve the signal-to-noise ratio when it comes to vulnerability management data. We will also present the latest features of our Core Insight and Core Impact Pro products, describing how we enable customers to "Think Like an Attacker" to address their security concerns proactively.

Given our steadfast presence at Black Hat as it has grown and expanded over the years, we have the opportunity to re-connect with past attendees while also introducing Core to a new audience of information security practitioners. We will continue to highlight our activities at the show in the coming weeks, so look for news on our Twitter handle @Coresecurity, our Face book page facebook/coresecurity and in other campaigns.

Nawaf-Bitar Juniper Networks

Nawaf Bitar, Senior Vice President and General Manager, Security Business Unit discusses the company's ethicality and surprising facts about the "cyber black market."

You were recently named as one of the world's most ethical companies. Why is this important to Juniper, and how is it reflected by the company?

Nawaf Bitar: 2014 is the fourth consecutive year that Juniper has been recognized as one of the World's Most Ethical Companies and it is an award that the company is thrilled to receive. We are proud that our colleagues consistently demonstrate Juniper's core value of operating with the highest ethical standards and we are also proud of our mission-driven culture of excellence.

You also recently released a report on the "cyber black market." What is that, and why should companies care about it when it comes to their security?

Nawaf Bitar: We partnered with the RAND Corporation and sponsored a comprehensive report entitled Markets for Cybercrime Tools and Stolen Data: Hacker's Bazaar. While many reports concentrate on the mechanisms behind an individual attack, we were more interested in understanding the economics behind hacking. We learned that the black market for cyber-crime can be more profitable than the illegal drug trade!

What we discovered about the structure of this black market is also fascinating. These markets have shown unprecedented global maturation and economic sophistication – an underground economy akin to that of a thriving metropolitan city. They have clear social and organizational structure, reliable and resilient products, and well established distribution channels.

So, what should we do? To start with we must think differently about the problem. We must address the root cause of the accelerated cyber-crime market maturation and change the economics of hacking by disrupting the value chains that motivate attacks. While we cannot go on the offensive and hack back, we can no longer remain passive. Different forms of active defense, such as intrusion deception, allow us to identify, disrupt and frustrate attackers. I believe this approach holds a great deal of potential.

You'll be at Black Hat USA. What are you excited for at the show, and how can readers connect with you there?

Nawaf Bitar: Juniper is delighted to sponsor and attend Black Hat USA. It is a thought-provoking show that brings out the best in the attendees and the exchange of knowledge is invaluable. Juniper will have a significant presence at the show and we welcome attendees to visit our booth where we will discuss the new techniques and products we are showcasing.

Sustaining Partners