This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Interviews | July 16, 2019
A Defensible Network Perimeter No Longer Exists
Q1. Why has identity become so critical to mitigating current and emerging threats? Why aren't the usual approaches sufficient anymore?
Authentication on the World Wide Web is broken. We all know it, or at least sense it. Every web site or mobile app that we want to use asks us to register and set up yet another account with yet another username and password. With the typical end user having tens of online accounts, this results in a dizzying number of usernames and passwords to keep track of. Even worse, end users simply reuse the same username and password across multiple accounts. A 2017 Pew Research survey reported that 39% of all users employ the same or very similar passwords across online accounts.
All of this is compounded by the epidemic of data breaches that have taken place in the last several years. In 2016, over 4 billion usernames and passwords were stolen. And every month it seems that another huge set of identities are stolen. From a website owner's perspective, this leads to a huge digital trust problem - just because someone or something presents the correct credentials, how can the business trust that it is truly the account owner that is attempting to login?
Digital privacy and trust needs to underpin every interaction between a digital business and its end users. Digital trust should include measuring and quantifying that an entity is who or what it claims to be and that the user or entity will behave in an expected manner. Digital privacy should include strong data protections, storing end user consents with the data so that all business applications know what end users have consented to. And business applications should be able to access only the data relevant to their business purpose, preventing data from inadvertently spreading far and wide. Legacy Identity approaches do not do this today. Modern digital businesses need better.
Q2. Enterprise interest in Zero-Trust security models appears to be growing substantially. What do organizations need to know about the approach and what it takes to get there?
We know that the defensible network perimeter no longer exists. Using a security and access approach that made sense 20 years ago in today's environment is at best misaligned and at worst perilous. This is evident in the number and scale of data breaches we've seen in the last five years, the majority of which happened as a result of trust being abused inside of the enterprise perimeter.
That's why so many security teams recognize that it's time for a change and why there is so much interest in Zero Trust. Here are a few key goals that enterprises should strive for:
- Stop malware propagation and lateral movement. In traditional perimeter-based networks, malware typically penetrates deeply due to a lack of segmentation and poor network visibility. At Akamai, we are focused on the combination of granular access controls for specific applications combined with proactive threat prevention to make it much harder for malware to propagate or for an attacker to gain access to other corporate workloads.
- Reduce capex and opex for security. Improving security is invariably associated with increased cost. With Zero Trust security, this isn't always the case; to the contrary, improved security combined with cloud-based simplicity enables you to potentially consolidate security controls, reduce management costs, and -- with a new security architecture -- leverage the Internet as your corporate network.
- Enable digital business transformation. With Zero Trust access is only granted to a limited number of applications based on identity, device, and security context -- without ever granting access to the corporate network. In addition, digital business transformation includes enabling a modern "work anywhere" corporate culture. Secure business application access from anywhere - whether the user is in the office or their local coffee shop.
Q3. What do you want attendees at Black Hat USA 2019 to know about Akamai's plans and strategies for the next few years? What can they expect to hear or see from the company at the event?
At Akamai, security is at the heart of everything we create. After more than two decades on the front lines of the Internet revolution, Akamai continues to pioneer strategies, products, and solutions that keep the world's information safe and secure. At Black Hat USA 2019 attendees will see that Akamai has made updates to every product line to help organizations better protect applications and APIs, stop credential stuffing, and move to zero trust.
- Identity at the Edge: The acquisition of Janrain establishes Akamai as a leader in customer identity and access management (CIAM). This brings identity to the Akamai edge - delivering authentication and registration as a service, single sign-on, end-user profile data storage, consent management, strong privacy controls and management of over 1.5 billion identities.
- Advanced Bot Detections: Bot Manager Premier will demonstrate new advanced bot detections to stay ahead of the evolving bot landscape. Unsupervised device anomaly and adaptive anomaly clustering combine unsupervised machine learning and deep learning techniques with unmatched visibility into both threats and legitimate traffic on the Akamai platform to catch the most sophisticated bots.
- Automatic API Inspection: Akamai is bringing automatic inspection of API traffic to Web Application Protector to make it easier than ever to protect your APIs. For customers who don't have time or resources to manage a WAF, WAP now provides simplified application security for all of your web applications, including both websites and web APIs.
- Simplified zero trust adoption: Akamai is making it easier than ever to adopt a zero trust posture. Enterprise Defender combines Enterprise Application Access, Enterprise Threat Protector, Kona Site Defender, Ion, and IP Application Accelerator into a single package designed to make it easy for you to protect your enterprise applications and users.
Q1. How have requirements for endpoint security evolved in recent years? What role is big data and analytics playing in helping organizations address endpoint threats?
Modern cybersecurity is all about collecting, retaining and analyzing the data. To understand the data is to understand the attacker, as well as their evolving behaviors. That's the premise Carbon Black was founded on and it's one that continues to permeate our product philosophy and company strategy.
Long gone are the days of being able to rely on signature-based antivirus products to keep attackers out. That's a conclusion the market has largely accepted in recent years. However, in response, there's been a proliferation of point security products that attempt to address only a single component of the attack lifecycle. These point products have left security teams with too much complexity and not enough answers. That's one of the reasons we are continuing to see attackers succeed.
At Carbon Black, we're simplifying and strengthening security for organizations around the world. Our cloud-based endpoint protection platform (EPP) consolidates multiple endpoint security and IT use cases into a single platform. This platform collects and analyzes more than 500 billion security events per day - a massive amount of data that's providing critical insight into attack patterns and providing a level of insight that extends well beyond point products.
Rather than just address one component of the attack lifecycle, Carbon Black is empowering security teams to prevent, investigate, remediate and hunt for threats. I often say that data is the lifeblood of our cloud platform and that understanding attacker behavior by analyzing this data is how we're going to close the gap in cybersecurity.
Q2. Carbon Black's recent Global Incident Response Threat Report noted a substantial increase in attacks that leverage "island hopping". What exactly is island hopping and why should enterprise organizations be concerned about the trend?
Island hopping is something that both Carbon Black and its 100+ incident response partners are seeing at increasing levels. In fact, 50 percent of today's attacks leverage island hopping. With island hopping, attackers are going after a primary target by first targeting smaller, often more vulnerable, organizations in the supply chain. The term "island hopping" generates from World War II, as a tactic the United States leveraged in the Pacific. The U.S. would attempt to capture smaller islands and then use them as outposts to target mainland Japan.
The Target breach from a few years ago is a prime example of a successful island hopping attack occurring in cyberspace. As many of us know, this attack began with attackers first breaching Target's HVAC provider. The same thing is happening with other supply chain vendors in various industries - finance, healthcare, energy and government. The smaller supply-chain partners of these larger organizations often don't have good enough security programs in place to defend against attacks.
What's most concerning about island hopping attacks is that they're evolving beyond traditional leapfrogging from network to network. They now include attacks where websites are converted into watering holes to ensnare a business' customers, partners and overall brand. Modern island hopping attacks are also leveraging Reverse Business Email Compromise (BEC), a trend seen primarily in the financial sector, where attackers take over the mail server of a victim company and launch fileless malware attacks. It's clear the surface area for attacks is expanding and it's critical for businesses to acknowledge this risk.
Q3. What do you want attendees at Black Hat USA 2019 to know about Carbon Black's technology roadmap and strategy over the next few years?
Most importantly, the power of the cloud is transforming endpoint security and Carbon Black is leading this transformation. Today, only 15% of companies are in the cloud when it comes to their endpoint security. By 2025, Gartner predicts that more than 75% of companies will be in the cloud. Carbon Black is at the forefront of this shift with our cloud platform and our roadmap and strategy center around using the power of the cloud to keep our customers protected.
Over the past year, we've delivered four new services on our cloud platform and we'll continue to deliver additional features and use cases over the next few years. Our team lives and breathes cybersecurity and I love seeing that passion shine through with our product innovation. Our high-level strategy is one that we've been following since Carbon Black's founding: we want to make life easier for defenders and harder for attackers. We know the cloud gives us a big advantage in doing both, especially when it comes to collecting, retaining and analyzing big data.
Q1. Why is Cisco acquiring Sentryo? What business or security issue will Sentryo's technology help organizations address?
The Sentryo acquisition increases the value of our integrated and industry-first network architecture that uses intent-based networking capabilities to protect internet-of-things devices in a variety of industries, including manufacturing. Sentryo specializes in providing users greater visibility and security for industrial control system networks and the devices on those networks, an increasingly important service as malicious actors turn their attention toward disrupting ICS. By bringing Sentryo onto our team, Cisco is enhancing security at the network edge by providing sensor optimization, giving control system engineers critical visibility into their disparate environments to identify vulnerabilities, detect anomalous behavior, and protect their control systems from cyber attacks.
Q2. What are the biggest challenges organizations face these days in effectively applying threat intelligence?
An obvious challenge that all organizations face today is that threat and attack landscapes are evolving at unprecedented levels of sophistication and impact. Malicious actors are becoming more adept at evading detections and are weaponizing cloud services and other technology used for legitimate purposes. From a threat intelligence point of view, the ongoing challenge for organizations is acquiring accurate, timely, and actionable threat intelligence data that can be processed and incorporated into their security operations. This is becoming a must-have requirement for orgs, to the point that threat intelligence programs are now crucial to the risk management strategies for many companies.
The good news is that threat intelligence organizations such as Cisco Talos are designed to help these enterprises identify and understand attacks before they happen. Organizations that partner with Cisco gain the advantage of Talos research insights being fed directly into the Cisco security product portfolio, in part through regular, frequent threat detection updates. This kind of threat research helps companies get a step ahead of attacks and to maintain control of an incident when an attack occurs. Additionally, industry programs like the Cyber Threat Alliance (CTA) are growing at an exponential rate allowing the industry as whole to share real time threat intelligence information amoung its members. This directly benefits all customers who utilize vendors in the CTA.
Q3. What do you want attendees at Black Hat USA 2019 to know about Cisco Talos' threat intelligence capabilities and plans for growing it over the next few years?
Talos is the largest commercial threat intelligence organization in the world. With unmatched visibility into the threat landscape, we can quickly help our customers and partners go from unknown threat to understood and mitigated risk in an extremely short period of time. With Cisco's unique product and services portfolio, Cisco Security can cover more threats through more threat vectors than any other vendor on the planet. Additionally, our wide array of intelligence partnerships and industry-leading alliances like the CTA allow us to help protect the world as a whole and hopefully make it safer for everyone.
As we look towards the future we know we will always have to adapt with our adversaries and the political climate of the world. This means keeping focused on protecting our customers, and strengthing our industry alliances. We aren't just fighting the security battle by ourselves, and we as an industry need to continually work on sharing data faster, with higher context, so the industry as a whole can mitigate threats faster than we do today.