Interviews | July 7, 2017
Black Hat USA Sponsor Interviews: Accenture, Citrix Systems, CrowdStrike, and Cybereason
Director – Growth & Strategy
Managing Director – North America Strategy & Risk
Q: Ryan, cybersecurity has become a key focus and growth area for Accenture. What is driving the focus and what do you see as the value-add that Accenture brings to the table?
Accenture's overall market approach is to "Lead in THE NEW," with "THE NEW" encompassing the digital transformation enterprises are undergoing to maximize their business. Implicit in "THE NEW" are two notions that have been gaining growing visibility within corporate leadership: digital trust and cyber resilience. Through a range of client discussions, our CEO, Pierre Nanterme, heard loud and clear that the market expects Accenture to be a leader and innovator in the cybersecurity market because digital trust and cyber resilience are foundational. With that charter, Accenture Security has been designated as a strategic growth initiative and we've accelerated our Practice growth.
The unique value we bring to our clients is in-depth perspectives on attackers - their motivations and methods - combined with a deep industry based perspective of the business drivers and specific risks our customers face. With these insights, Accenture is able to tailor more effective solutions that tackle security beyond their traditional four walls of the enterprise, extending to operational environments, customer engagements and extended value chains. It's security that helps our clients succeed.
Q: Kevin, what do executive business leaders and Boards of Directors need to understand about cybersecurity exposures to their business? How does Accenture help them address their organizational goals for cybersecurity?
We seem to have a constant drone of content through an array of news sources and social media around cyber-attacks and cyber threats – some of which is very sensationalized. Our business leaders and board members see these stories in an unfiltered light and are asking how ready their organization is to defend itself.
Accenture has developed a groundbreaking approach to helping key executives build context to those news stories and understand and prioritize efforts that will maximize their security investments. The approach is encompassed in six foundational steps:
- Lead from the top by materially engaging with enterprise leadership and improving the board's cyber literacy.
- Make security everyone's job by fostering a culture of cybersecurity and prioritizing training of all employees.
- Protect from the inside out by prioritizing protection of organizations' key assets.
- Pressure test security capabilities by engaging "white hat" external hackers to simulate real-world attacks.
- Invest to Innovate and to Outmaneuver, staying ahead of attackers.
- Grow confidently by keeping security connected to the bottom line and to real business needs.
These six steps transition security from being an IT initiative into it being a business problem – maximizing the insights and perspectives of all the business leadership to help prioritize initiatives based on business relevance.
Q: Ryan, you have described cybersecurity as being a human problem not a malware issue. Why is that the case and how does Accenture help organizations address the challenge?
We see cybersecurity as a human problem because problems start with an attacker or malicious actor with a specific motivation and a targeted objective. This might include taking a political stand to monetizing stolen data or disrupting critical operations. Understanding attacker motivations, what's of value within that business and keeping abreast of the methods and campaigns targeting a company – these all help organizations prepare.
By looking through the eyes of the adversary and understanding "how" and "why" they attack, many tangible outcomes come into focus, along with ideas for tangible and effective changes to day to day activities. For example, it's important to understand an organization's customer digital experience and the environment that supports it. Then you couple that with understanding of how advanced adversaries might value the customer information and how they might manipulate the environment through phishing and targeted malware attacks.
With that understanding in hand you can now initiate new software development approaches and enhanced technology deployment standards. The net is greater confidence in the resilience of your operations and improved customer confidence. Plus, ongoing "practice" creates muscle memory, so that when attacks do occur, the team is better prepared to respond. Thinking like an attacker has been a key tenet of Black Hat through the years, and it is infused in how Accenture Security helps our clients mount more effective defenses for their business.
Q: Kevin, what is your main focus at Black Hat USA 2017 and why?
Black Hat continues to occupy a significant place in the information security community. The notion of bringing security practitioners, researchers, military, law enforcement, business leaders and industry into the same room for a meaningful dialogue has proven very effective.
For Accenture, the focus this year is multi-fold. First, as Accenture Security continues to grow, we are staying active in our community to contribute to the larger discussion. We have amazing people with significant perspectives on improving security programs and so naturally we want to engage in these discussions with our peers. The second focus is on recruiting. We are growing rapidly and the people we want to add to Accenture Security are all over Black Hat. The final focus is community. Our leaders have been in the security industry for many years. Black Hat is an opportunity to interact with friends and industry colleagues in a setting that fosters collaboration.
Q: A recent global survey that Citrix and Ponemon conducted showed that Millennials and the GDPR are driving the need for a new IT security architecture. What should the architecture look like and how can Citrix help?
The Citrix-Ponemon study found that 83 percent of businesses around the world believe that they are most at risk because of organizational complexities. Employees are not following corporate security requirements because they impede productivity, and some security policies can often hinder the ability to work when and how they want, on the device they want. It is no shocker that Shadow IT is on the rise because employees want to work how they want to work. The future of work isn't 9-5 and it isn't in a conventional office.
The security architecture of the future is one that is contextually-aware, with smart, adaptive policies that monitor behaviors and become increasingly supportive through machine learning and artificial intelligence. The security architecture of the future is focused on the protection of applications and data on any device, any cloud, over any network and in any usage situation. It will have more visibility across solutions, platforms and people (also with less add-on security products to cut down on "noise") so that IT can find and respond to threats faster.
Q: You've previously talked about the notion of a cloud endpoint. What exactly is that, and what are its security implications and benefits?
The endpoint – including the browser – is an essential component to maintaining security. As more organizations, apps and data move to the cloud, there is a need for more cloud-specific security controls, especially for those who go "direct to cloud". What is your Cloud Endpoint strategy? It's likely in direct contrast to the enterprise endpoint strategy that defines and allows enterprise-owned-and-managed devices on the network.
The first step towards securely supporting cloud endpoints requires that the concept of "trust" evolve from only allowing trusted corporate devices on the network to dynamically answering the access question of "What can this device be trusted to access in this specific situation?"
Endpoint security policies must consider everyone initially as untrusted outsiders, verify situational risks and require that trust is established – not assumed. By dynamically assigning and verifying the level of trust in endpoints and automating access to apps and data, end-users and enterprises can be appropriately protected across the increasing diversity of enterprise endpoints and usage situations.
Next is control over access to applications and usage of data. Organizations demand that the ability to copy/paste data from one application to another be restricted to allow only specific data to be copied in or copied out, that the location information is saved to is dynamically specified to match access governance and mitigate risks, and that the use of peripherals including printers, webcams and microphones is enabled/disabled per application. This need is especially critical to mitigate data exfiltration from SaaS and cloud-based apps, as well as for home-based users and third-party access.
Another key benefit of a cloud endpoint strategy is that minimal endpoints can be utilized including thin and zero-clients, Chromebooks and Windows S systems alongside traditional desktops, laptops, tablets and smartphones.
Application and desktop virtualization provide the access to and control over sensitive data and use cases.
Q: Citrix has begun to place a fairly heavy emphasis on security recently. What's driving that focus and why now?
Customers have been using Citrix for security for over 25 years, beginning with secure remote access and expanding into contextual/situational access governance for controlling how data is used and shared. Security has actually always been core to Citrix and our products. We build our products to support end-to-end security use cases for the most demanding environments including financial services, healthcare, government, education and manufacturing. Virtualization means that data is only delivered as pixels – keeping sensitive data off endpoints. Mobility solutions utilize secured enclaves to protect enterprise apps, data and policies. Application networking maintains network controls and encryption across and between mobile, on-premises, branches and clouds. And a strong focus on data management governance over the last few years has enabled Citrix to integrate information rights management to control data distribution and usage along with data loss prevention – even for cloud-based data.
Q: Citrix is not traditionally thought of as a security vendor. What's your focus going to be at Black Hat USA 2017? What do you want people to know about Citrix' security capabilities?
Citrix is a new breed of security provider. We're always focused on security – and always have been. It's not something new to us just because there's more attention on security lately – we architect our products around security use cases and we have a rich historical knowledge of the best strategies to reduce risk and minimize the attack surface from some of the most demanding security customers.
The Citrix strategy for delivering security is summarized as:
- Whenever possible, centralize apps and data in the data center or cloud so enterprise data is not stored on devices.
- When sensitive data must be distributed, mobilized or utilized offline, ensure it is protected in a secured enclave.
- Precisely control access to network resources with context-aware policies based on user, device, location, application and data sensitivity.
- Provide visibility and management capabilities that unite your entire IT infrastructure to deliver application and data-specific security.
This strategy empowers Citrix customers to protect applications, desktops, networks and data while adapting to an evolving threat landscape and ever-changing business and regulatory environments. Citrix Analytics further provides business insights to optimize productivity while delivering superior security outcomes.
Q: CrowdStrike is one of the few cybersecurity firms with a valuation of over $1 billion. What makes the firm so valuable from an enterprise standpoint?
With today's advanced threats, organizations are witnessing first-hand the need for a better solution. Traditional antivirus software that relies on known signatures is no longer enough to detect, much less prevent breaches. Enterprises now demand endpoint security that can go beyond stopping malware and solve today's very real challenge of stopping a breach. We deliver this to enterprises by combining next-generation antivirus, endpoint detection and response (EDR) and managed threat hunting. And we deliver it as a SaaS solution with a single, lightweight agent. The combination of better protection and ease of use is what makes us so valuable to enterprises.
The cloud-based architecture of our endpoint protection platform, CrowdStrike Falcon, actually improves the platform's capability and effectiveness with every second that passes and every new piece of intelligence. If a new malware variant or other cyber-attack method is detected, the cloud enables Falcon to update all customer endpoints instantly with no down time – creating "community immunity" and improving security for all.
The CrowdStrike Threat Graph is also a feature that sets CrowdStrike above the competition. The Threat Graph enables unprecedented investigation, response and proactive hunting by analyzing over 40 billion events per day – as much data in a week as Twitter ingests in a year. And it uses patented behavioral pattern matching techniques with machine learning and artificial intelligence to actually track the behaviors of every executable in an organization's environment. It's this very technology that protected CrowdStrike customers from the recent widespread WannaCry ransomware attacks. People have really taken notice of CrowdStrike as cyber attacks continue to make headlines because there is a more public view into the failures of some of the existing technologies that are out there, and we're providing a better solution.
Q: How is CrowdStrike planning on using the $100 million in Series D funding that it attracted recently?
The $100 million in Series D funding is a great validation for what CrowdStrike has built and offers us the opportunity to continue to grow – both our technological capabilities and global footprint. The investment will support our aggressive domestic and international expansion goals, enable us to invest in sales and marketing and add new partner relationships.
Partners are really a key piece in our international expansion plans and overall go to market strategy. Our team has built strong global relationships with the channel and we will continue to invest as we look to add partners globally, from large enterprises to SMBs. Partnerships are essential to our success and help make the cyber world safer for all.
From a technology perspective, the funding will allow us to build on our current platform capabilities as we invest more in engineering and innovation. We want to continue adding advanced new features to help our customers be more effective in the face of a rising tide of ever-more sophisticated threats. Our goal is to accelerate the adoption of our endpoint protection solution across enterprise and midmarket customers. We want to enable organizations of all size to replace their AV solutions and effectively prevent, detect and respond to attacks.
Q: What can people expect from CrowdStrike at Black Hat USA 2017? What events have you got in store for attendees?
CrowdStrike continues to lead the charge in talking about real issues facing cybersecurity teams today. Dmitri Alperovitch, Co-founder and CTO, will be leading our speakerships with a session at the CISO Summit on Tuesday, July 25th. Austin Murphy, Director of Incident Response, leads our Workshops with "Real-world trends in eCrime in the retail space"; followed by Dr Sven Krasser, who will give a straight talk on Machine Learning and what the marketing department doesn't want you to know! You can catch our experts "Going Hand to Hand with an Advanced Attacker" on the show floor.
CrowdStrike ensures that everyone that visits our booth, #515, can see how our Falcon Platform stops breaches. We have a myriad of live demos in our booth – from detecting and responding to attacks to actively hunting for adversaries in your networks – CrowdStrike will show you how we stop all attack types from malware to file-less attacks. Once you hear one of our theater presentations, you can choose your custom-printed adversary t-shirt and sign up to test-drive Falcon. We have a lot going on at Black Hat 2017 including a very exclusive, invitation only, luxury car racing event with racing legend Mario Andretti! Look for additional CrowdStrike news at Black Hat 2017!
Q: Lior, Cybereason recently secured $100 million in funding from Softbank. How are you planning on using the new funding?
We are humbled and delighted that [at] this round of funding we have more than 300 employees and hundreds of customers around the world. We are thrilled that SoftBank is investing an additional $100 million as they share our bold vision to transform the cybersecurity landscape. When you have a bold vision, you need people to share it and invest in you, both with time and money. Our customers, partners, employees and investors believe in our vision and have contributed tremendous time and money. I promise each of you that we will continue to be aggressive and smart, and lean in to this challenge. This new funding allows us to increase our growth through new distribution channels and to develop new technologies. Our strengthened partnership with SoftBank, which has a formidable sales force and enterprise customer base in Japan and a global reach, will also enable us to further expand our presence in the cybersecurity market.
Q: Yonatan, why was WannaCry so successful? What, in your opinion, were some of the biggest takeaways from the outbreak?
It combined an ideal delivery mechanism and "payload": the right vulnerabilities at the right time with the right effect. It could have been even more effective frankly, were it not for a lot of luck. The biggest takeaways are a bit deeper. First, we as an industry need to close the "patch gap." This is entirely solvable, but companies still persist in being very behind in patching.
Second, we need some new technologies to catch the "unknowns." Most of the world is still relying on antivirus and outdated, 20-year-old technology to something that outclasses it completely. Hackers don't turn up with "known bad" tools that there are signatures for; they go into the shadows and the untested ground and turn up with world-class exploits for things that are uncovered. And finally, it's time to make networks and process both "anti-fragile" (less susceptible to complete collapse from a single failure) and more recoverable—for example having proper backup and recovery features could have minimized the damage and made recovery possible.
Q: Lior, it has been more than three years since Cybereason launched its core detection platform commercially. In that time, how have endpoint security detection and response requirements changed?
The most significant change is that EDR as a space has hit the prime time — it has grown as a market and is very much accepted as a technology that has come of age and can use endpoint behavior to fill the gap around stopping the unknown, never before seen attacks.
EDR has evolved to emphasize the "R" more, requiring more complete Response options and is not converging with the more traditional endpoint protection market. Cybereason has developed and, in many cases, led these market changes with response options, automation, new platforms and now next generation antivirus as well. It's an exciting time to be in cybersecurity!
Q: Yonatan, why is being at Black Hat USA 2017 important for Cybereason?
As the fastest growing cybersecurity company in the world, we are taking a lean-in approach as more and more of the Global 1,000 are becoming customers. So we are excited to attend Black Hat as our heritage from the Israeli Defense Forces allowed us to carry out some of the most sophisticated offensive cyber missions in the world and we have carried that forward today by turning the tables on adversaries making them the victims and the hunted. Our aggressive, offensive mindset is disrupting adversaries on all seven continents and helping to make cybercrime unprofitable.