Interviews | July 23, 2015

Black Hat USA Sponsored Workshop Interviews: Twitter and FireMon

Michael Coates

Michael Coates, Trust and Info Security Officer at Twitter, talks about the company's "public bounty program," and why Twitter is sponsoring a Black Hat workshop on methods to systematically approach the security topic within a fast-paced company.


Q: Michael, when one thinks of a security conference like Black Hat USA 2015, Twitter doesn't immediately come to mind. Give me some insight into Twitter's interests and concerns as they relate to some of the hot topics at the conference.

Michael Coates: Black Hat represents one of the premier security events where the latest security techniques and research are discussed. As a company that greatly values the security of our users and their data, Twitter is a natural fit to attend, present, and host activities at Black Hat. Twitter has been an industry leader in proactively deploying the latest security features to our users. From items such as Content Security Policy, HTTP Strict Transport Security, DKIM and DMARC, we take security seriously and work to provide and integrate numerous methods to protect our users.

At Black Hat, our goal is to understand what new security mechanisms we can deploy to continue defending our users and their information. We also want to stay abreast of new techniques that are used by attackers. Additionally, Twitter supports the broader security research community. Not only do we run a public bounty program, but we also host and support security gatherings and events. Black Hat gives us yet another opportunity to further interact with the security community.

Q: Last year, Twitter acquired Mitro, a security-password startup. Give me some more recent examples of what Twitter is doing to strengthen security for its customers and partners, especially with hackers out there trying to break into social media accounts.

Coates: Twitter provides a variety of security controls to protect our users. In fact, for the past three years in a row, Twitter has been awarded the top position from the Online Trust Alliance.

Some of these security controls include two-factor authentication, a delegated account access feature called TweetDeck Teams, always-on HTTPS (HSTS), and e-mail security such as DKIM and DMARC. In addition, as I mentioned previously, we have a bug bounty program to encourage security research and responsible disclosure as another layer to protect our users.

Q: Twitter is sponsoring a Black Hat workshop this year. Tell me a little bit about the topic … and what will some of the takeaways be for attendees. Why will they want to participate?

Coates: Security can be challenging in many different ways. Events such as Black Hat provide a great space for the discussion of specific new technical flaws, bypasses, and risks. However, an equally important area in security is tackling these issues within an enterprise in a scalable way that works with -- not against -- the business.

In our Black Hat workshop, we want to bring together security practitioners who work both inside and outside of organizations to discuss handling security at enterprise scale. We'll cover not only the specific technical issues that are top of mind, but also methods to systematically approach the security topic within a fast-paced company. We are planning for this to be an interactive discussion where both participants and Twitter Security can share ideas and challenges.

Q: Talk to me about why Black Hat USA 2015 has become so important to your marketing strategy.

Coates: Black Hat is a great event that gathers top security minds from around the world. As a company that is constantly working to protect our users, we want to learn from the best, attract top security researchers to Twitter, and also share our security expertise with the rest of the community.

Jeff Barker

Jeff Barker, VP of Product Management – Immediate Insight at FireMon, chats about the previously unavailable capabilities of its recently introduced Security Manager 8.0, and what attendees can expect to learn at the FireMon-sponsored Black Hat Workshop on the "human layer" of security.


Q: Jeff, FireMon recently introduced Security Manager 8.0, which is said to leverage highly automated analysis and monitoring of security infrastructure to deliver previously unavailable capabilities to identify and resolve emerging gaps in network defense. Fill me in on what some of those "previously unavailable capabilities" are.

Jeff Barker: The development of Security Manager 8.0 was driven by the increasingly complex and changing nature of enterprise environments with hundreds -- or even thousands -- of network security devices. This release is a significant step forward in leveraging automation and analysis to provide the information necessary to make faster, more informed decisions regarding network access.

In version 8.0, we've created an advanced user interface that automatically generates real-time visibility into key performance indicators regarding policy effectiveness, complexity, and change via a single-pane, Web-based dashboard.

A new horizontal data analysis architecture provides normalization and reporting across network security devices, policies, and rules for faster, more scalable management in complex, rapidly changing environments.

We've expanded the ability to support migration to industry-leading NGFWs, including advanced Traffic Flow Analysis that allows for broader policy/rules search criteria and application-aware analysis. The newest iteration also expands automated compliance auditing and rule recertification workflow to address the new PCI DSS 3.0 requirements.

Q: You just acquired Immediate Insight. What exactly do they bring to the party? How will FireMon customers benefit from that acquisition?

Barker: In this dynamic and real-time era, we need to gain actionable insights from our data and respond with infrastructure policy updates in minutes, instead of hours or days. With the addition of Immediate Insight to our security intelligence platform, FireMon is bringing solutions to the security challenges customers face today and will face tomorrow.

Immediate Insight adds real-time IT data analysis to FireMon's industry-leading network security intelligence platform. This expanded capability enables FireMon customers -- a mix of enterprise organizations, government agencies, and managed security service providers -- to better identify gaps in their network security infrastructure through advanced data analysis, as well as accelerate triage for any active compromise. In combination with FireMon's Security Manager, the insights gained from the data analysis can be applied to existing device policies to mitigate the risk and impact of the event.

In addition, as our customers continue to leverage the cloud and dynamic-by-design infrastructures (e.g. SDN), we believe the intelligence layer (i.e. policies and configurations) and insights from infrastructure data will be vital to ensuring delivery of secure applications and services.

Q: You are sponsoring a full-day workshop at Black Hat USA 2015. Talk to me about what that workshop's focus will be. What will be some of the takeaways?

Barker: Over the past 15-20 years, the industry has invested billions in pursuit of automated security layers (e.g. firewalls, endpoint protection, intrusion detection, etc.). While each solution has been improving in its own right, there are gaps that continue to be exploited. Even after organizations have automated security as much as possible, responding to an incident requires human understanding and decisions to identify an incident as a false positive or something demanding attention. We call this human interaction part of the process "the Human Layer." Over the years, attempts at automating the human part of the process have fallen short.

We believe there's a new approach required for the Human Layer. Past approaches have attempted to provide definitive answers that often create an avalanche of false positives, overwhelming already-overburdened teams. Increasing complexity -- driven by cloud/mobile-centric architectures and dynamic-by-design infrastructures (e.g. SDN, cloud) -- will create a new class of challenges (referred to as Unknowns) for both automated and human layers of IT security.

In this session, we will examine and demonstrate a new data discovery paradigm and class of data analytics, specifically for the human layer of IT security.

Q: You made the decision to become a sponsor of the Conference. How are you expecting to benefit from your investment?

Barker: Testing our designs and assumptions through an exchange of ideas with the people in the trenches is the best way to ensure that our solutions enable organizations to enhance their security posture. We look forward to collaborating with the Black Hat community to ensure that we create a solution to their problem, not a solution in search of a problem.
