Interviews | July 21, 2021

Ransomware is Biggest Concern for Cybersecurity Professionals

Fortinet | Technology Innovation Institute | ThreatLocker

Derek Manky
Chief, Security Insights & Global Threat Alliances, Fortinet FortiGuard Labs


Q1. How does Zero Trust address some of the new concerns around edge security that have surfaced since the recent pandemic-driven shift to a work-from-anywhere model?

Cyber adversaries have been quick to respond to the fact that networks expanded rapidly in response to the pandemic. As a result, CISOs can no longer ignore the benefits of the zero-trust model for security. TA zero-trust model moves security away from implied trust that is based on network location. Instead, it focuses on evaluating trust on a per-transaction basis. Given the sophistication of cyber adversaries today, risks of insider threats, and the overall challenges to cyber hygiene as well as so much more, a zero-trust approach is vital. Start with zero trust, then work towards earned trust only with validated identities. It came about essentially because the old security model of "inside means trusted" and "outside means untrusted" no longer works. 2020 was a perfect example of the importance of this strategic way of thinking. Watching the trajectory of ransomware attacks alone, validates the urgency for zero trust.

Q2. Security experts often talk about the importance of understanding the 'attack chain' and the 'kill chain'. What about the attacker supply chain? Is it time to start taking a closer look at that and what can be done to disrupt it?

Yes, a closer look at disruption is important. Understanding the attacker supply chain is the first, crucial step when it comes to disrupting cyber adversaries. By analyzing their methods, defenders can effectively find and develop tactics to stop them. Things like developing and deploying playbooks to expose cybercriminals early in the attack cycle, using AI to enable organizations to implement effective countermeasures, and sharing threat intelligence are all important strategies. The goal of these defense techniques is to dismantle attack models and force cybercriminals to change their approaches and techniques, which will require their time and resources. But essentially many cybercriminals are run like companies, so disruption also means going after their broader supply chain and disrupting it as well. From the executives to the suppliers, or the individuals who hide payments---disruption needs to happen from top to bottom across the chain of command.

Q3. What does Fortinet plan on highlighting at Black Hat USA 2021? What is your main messaging at the event?

Black Hat is an important event for Fortinet, we have been attending for years. As for myself, I think I have been participating in this event for over 10 years. Cybersecurity is a fast-paced industry, so it is important to maximize opportunities to share learnings. At the event, we will be highlighting something I am really passionate about which is our work with global organizations to deter cybercrime and also close the cyber skills gap. Fortinet and FortiGuard Labs work with organizations like WEF Centre for Cybersecurity, The Cyber Threat Alliance (CTA), Interpol, MITRE, and others – to help enable threat information sharing, foster more and broader understanding of cybersecurity, and also work to build norms of behavior across organizations and boundaries. Fortinet will also continue to showcase our global threat research and intelligence organization – FortiGuard Labs as well as a focus on our AI-driven security operations capabilities as part of the Fortinet Security Fabric platform. As many of us know, advanced threat detection and response capabilities along with centralized security monitoring and optimization are critical as cyber adversaries inflict attacks across all types of organizations to inflict ransomware or other destructive payloads.

Rocco Calvin
Executive Director - Digital Security Research Center

Technology Innovation Institute

Q1. What are some of the projects that your team at the Digital Security Research Centre is working on currently?

The primary goals of the Digital Security Research Centre (DSRC) are improving automation and effectiveness at run-time for software vulnerability discovery, assessment, and mitigation at scale with speed for open-source code and closed-source binary targets across several platforms and architectures. At DSRC, we are developing next-gen autonomous computer security tools. What we aim for is to make the software of the future safe.

DRSC works on multiple research areas in fundamental as well as applied science disciplines. We pride ourselves on discovering, evaluating and repairing software in seconds.

Our core research areas are: Automated Binary Analysis; Automated Vulnerability Evaluation; Automated Self-Healings; and Automated Strategic Decision-Making'

Therefore, our current projects aim to:

  • Build an automated, scalable vulnerability analysis platform that allows our researchers and engineers to perform rapid prototyping, run experiments, obtain complete control over the software, and provide live comprehensive benchmark reports.
  • Conduct applied research and build robust tooling using emulation to allow introspection, determinism and removing performance bottlenecks during a fuzzing campaign.
  • Replace how an engineer requires manual work that takes days to create effective harnesses to aid persistent in-memory fuzzing.
  • Improve how corpus minimization is done and measured to reach better execution speeds while not losing valuable inputs that may lead to a bug or crash.
  • Enhance and automate binary rewriting to attain source-based speed and fuzzing-enhancing program transformation for closed-source binaries.
  • Develop new techniques and methods for the automatic generation of fuzzing grammar from source code.
  • Improve robust network and multi-core scaling with different targets, test cases and fuzzers for vulnerability discovery.
  • Analyze complex embedded software and firmware dumps from Internet-of-Things (IoT) for security flaws.
  • Enhance crash analysis assessment to understand further the root cause's ground truth and the actual severity with context.

Q2. In what areas of software and digital security do you see the biggest opportunities for innovation and change over the next few years?

Enriching the dataset, storage, and computing power, the traditional challenges we face will be less of a challenge in the future, e.g., path explosion, limited test cases, virtual machine reset speed. However, we have to face the volume, the variety, the complexity, and the compatibility of the software increasing significantly. It generates the new challenge of ensuring all software cooperate and work as we expected, even under attack. It pushes our software analysis tools to become more intelligent and efficient. It can react to different contexts and environments. In other words, the software analysis tools are supposed to reason about what to do at a particular moment.

In real life, the landscape is complex, e.g. how to design and build such intelligent software analysis tools will become more of a challenge. Furthermore, it will push us to think about how much we can truncate from such a software analysis tool to meet a lower level of expectation.

Q3. Why is it important for TII to be at Black Hat USA 2021? What do you want security leaders at the event to learn about your organization and the research work that it is doing?

As we all know, Black Hat is a long-time renowned event in the community. As we are new, we are here to introduce ourselves to the cybersecurity industry. In a nutshell, we are the Digital Security Research Centre (DSRC) at the Technology Innovation Institute (TII), the applied research pillar of the Advanced Technology Research Centre (ATRC) which sets the R&D strategy in Abu Dhabi. We are one of seven research centers at TII; the others do research in the areas of quantum, autonomous robotics, cryptography, advanced materials, directed energy, and secure systems.

At DSRC, we conduct groundbreaking research to protect the world from cyber threats by improving how we identify software vulnerabilities and correct software flaws.

Most importantly we are here to offer a home to the world's best binary security researchers, scientists, and engineers. Wherever you come from, we believe we will be able to work together on the same goal.

We hope all the security leaders know who we are and what we are doing and will do.

The Digital Security Research Centre (DSRC) at the Technology Innovation Institute (TII) aims to make a better world by protecting people from cyber threats.

Our multicultural teams operate with an unconventional philosophy of interdisciplinary collaboration. Each DSRC member and our partners are expected to challenge, be challenged, create, and innovate.

Our team brings together computer security experts from academia, industry and the broader security community to solve challenging problems that prevent us from being secure at the binary level.

We conduct breakthrough scientific research and experiments aimed at creating novel approaches and effective methods for improved reasoning over complex compiled binaries. Appreciating that humans cannot scale and make the world's software safer on our own, we spur innovation through technological advances.

We work on a depth and breadth of research areas in both fundamental and applied research. We pride ourselves on discovering, evaluating, and repairing software vulnerabilities in seconds.

We follow our purpose to make the world better.

Danny Jenkins


Q1. What should organizations be taking away from attacks like the one on Kaseya recently?

The more software we run on our computers, the more vulnerable we are to an attack. Software by nature has access to everything the user can access, regardless of whether it's an RMM agent, Microsoft Office, a game, or ransomware. While software is the lifeblood of business, organizations should only permit what is needed to run. When software is permitted, organizations should limit what that application can access. Does Microsoft Word really need access to PowerShell? Does your favorite game need to access your network shares? By limiting what applications can do, the damage is significantly limited when vulnerabilities occur.

Q2. What's driving all the acquisition and investment activity in the managed security provider space over the past year? What does the trend mean for enterprise organizations?

Businesses are in a rat race against cybercrime, and the perception is that MSSPs are the solution. Successful MSSPs that not only respond to threats but control environments using zero trust are the true winners.

Q3. What do you expect will be top-of-mind issues for your customers at Black Hat USA 2021? What are ThreatLocker's plans at the event?

Ransomware, ransomware and more ransomware. Companies need to get ahead of this threat, and they need the technology to protect against it. It's the biggest concern for cybersecurity professionals now. Much of the focus will be spent at Black Hat figuring out how to prevent it.

Sustaining Partners