Interviews | September 11, 2014


Rebecca Lawson

Rebecca Lawson, senior director, Security Products at Juniper Networks, discusses why just half the businesses are adopting SDN, and what Juniper's focus will be at Black Hat Europe 2014.

Juniper Networks

Q: Rebecca, your recent Software-Defined Networking Progress Report found that almost 53% of U.S. businesses plan to adopt SDN while the rest say they still have no plans to implement the technology. Why do you think that's the case ... and what are the implications of those results?

Rebecca Lawson: SDN will most certainly have a large impact on our industry, but that may not be apparent for several years. SDN benefits are clear -- being able to automate and orchestrate network elements in a less-complex and pre-defined manner will give enterprise IT shops and service providers a clear competitive edge. The fact is that SDN will redefine how networks are "consumed" the way that the cloud redefined how compute and storage is consumed. With pre-set, on-demand, and highly flexible capabilities, we expect that once SDN is through the early adopter phase, the winning tools and technologies will be quickly adopted.

Q: You've announced enhancements to your DDoS Secure solution designed to help companies mitigate complex attacks by more effectively leveraging security intelligence throughout the network fabric. What do you believe is the importance of that enhancement?

Lawson: The critical element is being able to quickly identify that a DDoS attack is underway, using heuristic methods rather than relying on signatures or volume thresholds -- and then being able to send that intelligence to the network elements that are closest to the attack. This means turning your routers into enforcement points because they are closer to the attack (and further from your data). Juniper's DDoS solution is the only one that can do this today.

Q: As a Diamond Sponsor of Black Hat Europe 2014, what does Juniper plan to focus on at the conference? What will be the takeaways for attendees who come to listen to what you'll be highlighting?

Lawson: Our focus is on the emergence of the Dynamic Intelligent Firewall, which represents the third major step in the evolution of firewall technology. First was the traditional firewall, designed around port and protocol-level protection at layer 3. Next came the Next Generation Firewall, which is a packaging of additional capabilities, including per-user firewall, IPS/IDS, and application visibility and control. Next Gen Firewall provided layer 4-7 security, but remains relatively static in terms of its ability to respond to near-time threats.

The third step, Dynamic Intelligent Firewall, is emerging now and comprises threat intelligence that can be aggregated, filtered, and parsed into dynamic address groups which can be applied in real-time at various enforcement points. Every enterprise (and service provider) supports a wide variety of firewall use cases, such as branch, edge, data center, DMZ, core, etc. And each of these use cases can now consume a specific set of threat intelligence feeds that increase efficacy for that set of firewalls.

Q: Why has Black Hat Europe 2014 become such an important part of your marketing strategy?

Lawson: Black Hat Europe is a great show for Juniper Networks. It draws the smartest technologists, and a level of security expertise that you simply don't see at other shows. Our customers look forward to the incredible networking opportunities and the chance to learn about leading edge security techniques and technology.

Rob Gould

Rob Gould, VP, RSA EMEA, talks about the need for the security industry to abandon fear and trepidation, calling for new norms of behavior, as well as why the problem of mobile fraud has become such a priority.


Q: Rob, Art Coviello, your executive chairman, recently talked about a need for the security industry to "abandon fear and trepidation," calling for "new norms of behavior." What exactly did he mean by that?

Rob Gould: In his RSA Conference keynote earlier this year, Art addressed the security implications of today's digitally interdependent world. He emphasized that society's digital interdependence now requires new "norms of behavior," more effective security measures, and greater cooperation. Essentially, Art stressed the mandate for new levels of cooperation and information-sharing among organizations and the unprecedented layers of protection that Intelligence-Driven Security strategies can bring to organizations of every type and size.

Q: The latest version of RSA Web Threat Detection seems to have taken on the problem of mobile fraud aiming to mitigate the risks associated with consumer-facing Web sites. Why has that become such a priority and what does your newest solution do for enterprises hoping to detect active threats?

Gould: The mobile threat landscape is evolving rapidly and RSA is taking steps throughout its product portfolio to make sure that, as a market leader, we stay ahead of it. During the past year, RSA has seen a 54% increase in fraudulent activities that are originating from the mobile channel. RSA has also heard its customers telling us that they want us to be a mobile-first organization; that's what our customers are expecting us to be. As such, and with the proliferation of both consumer devices and the explosion of mobile apps, we believe that being at the front line of mobile threats is mandatory.

With the latest version of RSA Web Threat Detection (v5.0), we have taken another step to provide our customers with visibility and big data analytics needed to detect threats in native mobile application traffic. Providing this deep insight in real-time enables our customers to analyze both Web and native mobile traffic to better understand behavior patterns of their mobile user population and identify business logic abuse so they can quickly act upon incidents and alerts. RSA has essentially adapted the same proven Web threat detection capabilities using clickstream analysis of Web sessions to native mobile applications via native mobile JSON parsing.

Q: RSA will be at Black Hat Europe 2014 ... talking about what in particular? What can attendees hope to learn from your talks?

Gould: RSA will be demo-ing multiple products, including the newest version of RSA Security Analytics, the RSA Security Operations Solution, RSA Web Threat Detection, RSA Archer GRC, and our RSA Identity and Authentication solutions. Black Hat Europe will be a great opportunity for RSA to interact with security professionals of all levels and we'll have security practitioners of our own on hand to discuss and demonstrate best practices in protecting organizations from cyber threats. Attackers are constantly adapting their tools, techniques, and procedures as they seek to exploit new technologies and vulnerabilities. Based on current threat intelligence and insights from RSA Research, we'll also be talking about some of the most notable cybercrime trends and threat actors, how they're perpetrating their attacks and how organizations can optimize their defense strategies to incorporate up-to-date intelligence for more proactive defense.

Q: Why have you chosen to be a Diamond Sponsor of the conference? Why is that important to RSA?

Gould: Black Hat Europe attracts some of the region's top practitioners, innovators, partners, and influencers in the cybersecurity industry. Being a Diamond Sponsor gives RSA access to a highly qualified audience who is interested in what we have to offer.

Eric van Sommeren

Palo Alto Networks

Eric van Sommeren, director, advanced technologies EMEA at Palo Alto Networks, chats about 419 scams that represent a growing threat to businesses that have not previously been a primary target.

Q: Eric, I understand that, at Black Hat Europe 2014, you'll be focusing on your 419 Evolution Report, the latest research from Unit 42, Palo Alto Networks' threat intelligence team. It talks about how to protect against "Silver Spaniel" attacks that evade traditional enterprise safeguards and steal business-critical data. Can you give us a taste of what advice that report offers?

Eric van Sommeren: "Silver Spaniel" is Palo Alto Networks' code name for cybercriminal activity conducted by Nigerian scammers using Remote Administration Tools (RATs) and other malware available through underground forums. This is not a specific organization of individuals, but a collection of activity with similar tactics, techniques, and procedures. Our researchers tracked these individuals using Palo Alto Networks WildFire over the span of three months earlier in 2014.

These attackers appear to have begun their criminal careers running easily spotted 419 scams that rely on social engineering to trick unsuspecting people into handing over their money. The actors adopting these more advanced techniques do not show a high level of sophistication or technical acumen, but represent a growing threat to businesses that have not previously been their primary target.

What we want businesses to understand is that these attackers are now using the same tools that more sophisticated criminal and espionage groups often employ to steal information. What's more, traditional antivirus programs and firewalls are ineffective against these attacks because the tools in use are specifically designed to evade those technologies.

Palo Alto Networks in August released a free tool that will decode packet capture containing NetWire command-and-control traffic. The 419 Evolution report also lists indicators of compromise to help enterprise security teams identify and block attacks.

Q: Two questions for you -- I hear that another focus will be the importance of endpoint security and your next-generation enterprise security platform. What will the takeaways be for attendees who hear what Palo Alto has to say on the subject? And while we're on the topic, you've just had a big product launch on an endpoint security solution. Talk to me about what it accomplishes ... and why it's so important from both a tech and from a business and decision maker perspective.

van Sommeren: The increasing frequency and sophistication of attacks continues to challenge conventional endpoint protection tools. Enterprises struggle to prevent attacks from exploiting systems using Zero-Day software vulnerabilities -- or vulnerabilities that have yet to be patched. Each year these sophisticated attacks cause billions of dollars in damages to organizations ill-equipped to stop their advance.

It's clear the endpoint protection market must change in order to better protect organizations. We can no longer rely on tools that look for "known" threats or behavior. Palo Alto Networks believes endpoint protection must quickly evolve to prevent all exploits, including those utilizing Zero-Day vulnerabilities. It must also protect against all malware, both known and unknown. For mass adoption, it must be highly scalable and lightweight, and provide detailed attack forensics to analyze attempted attacks. And perhaps, most importantly, endpoint protection must integrate closely with network and cloud security. With each attempted attack comes a treasure trove of valuable intelligence that can be used within the network to block future attempts from getting anywhere near the endpoint. That is the future of endpoint protection, and that's exactly what Palo Alto Networks intends to lead.

Our advanced endpoint protection requires no previous knowledge of the threat. At the end of the day, regardless of use of a Zero-Day vulnerability or unknown malware, the attacker must utilize a finite number of techniques to try and exploit a system. These techniques are hard science and thus are bound to a relatively low number. In order for an attacker to achieve their objectives, they must use a series of these techniques in order to exploit a system or deliver malware. In order to protect that system, you only need to thwart the attacker at one of the techniques in order to block the entire attack. And so our approach was actually quite simple. We set up a series of blocks and traps attached to each of those techniques preventing an attacker from successfully using.

Our solution is compatible with all physical or virtual Windows platforms including terminals, VDI, VMs, and embedded systems, and protects un-patched systems. And by integrating our advanced endpoint protection into our threat intelligence cloud, we've begun the process of bringing endpoint and network security together under a single integrated platform.

Q: Palo Alto Networks is a Platinum Sponsor of Black Hat Europe 2014. Explain why the conference is such an important part of your marketing strategy.

van Sommeren: Black Hat is a mighty brand among the world's major cybersecurity conferences and promises an audience that's as committed and engaged to advanced enterprise security as we are. We are excited to participate!

Jovan Golic

Jovan Golic, action line leader for privacy, security, and trust at EIT ICT Labs, talks about its new San Francisco center and what it hopes to accomplish, and why the Labs chose to become a Platinum Sponsor of Black Hat Europe 2014.


Q: Jovan, EIT ICT Labs describes itself as one of the first Knowledge and Innovation Communities set up by the European Institute of Innovation and Technology as an initiative of the EU. For folks who may not be familiar with EIT ICT Labs, what does that mean exactly? What is it that you do?

Jovan Golic: EIT ICT Labs is one of the three Knowledge Innovation Communities (KIC) set up by the European Institute of Innovation & Technology (EIT). It became operational in 2010 with the aim of bringing research results stemming from European projects to the market to create innovation. The KICs are funded by the EIT with a budget that has increased over the years and that, in 2014, resulted in over 70M€ for EIT ICT Labs. This funding goes along with a co-funding from participating members that, in the case of EIT ICT Labs, is mobilizing three times as much in 2014 for a total investment in the order of 300M€.

The goal of increasing European competitiveness through innovation is pursued along three directions that are mutually reinforcing:

  • Invest in education with Masters and Doctoral programs to prepare the entrepreneurs of the future. Today there are close to 500 students involved in the program.
  • Invest in applied research to complement the one carried out in the European Co-operative Programmes (now clustered in the Horizon 2020 of which EIT is part) with a focus on eight areas of which privacy, security, and trust is one.
  • Invest in the development of SMEs to help them in the adoption of ICT to ensure their competitiveness and their support of start-ups, coaching them with the help of a Business Development Accelerator providing services and access to markets and funding.

EIT ICT Labs is present in nine European countries and has just opened up a hub in San Francisco. Additionally, it connects with all European countries through the X-Europe Programme to connect and leverage all excellence areas in the European Union.

Its over 100 partners in these first five years of the initiative have been able to work together on focused projects delivering products and services to the market, and extending the national reach of some of them to a European dimension. Over 500 SMEs and start-ups are part of its ecosystem ensuring a pervasive presence in the ICT innovation arena.

Q: Just last month you opened a new center in Silicon Valley, which is a long way from your other centers in Europe. What does this new location hope to accomplish?

Golic: On Sept. 25, after a year-long preparation involving contacts with companies, universities, and VCs in the Silicon Valley, EIT ICT Labs opened a hub in San Francisco to create a bi-directional bridge for European entrepreneurs and companies that may find in the Silicon Valley ecosystem an opportunity to access technology, funds, and markets, and for Silicon Valley's VCs and innovative technologies to find a connection to the European market made more accessible through the EIT ICT Labs network.

Focused cooperation activities are already planned and will be at full steam early next year in areas like software-defined network and networking, and urban life and mobility with specific attention to use of crowdsourced territorial data. Furthermore, strong cooperation on education MOOCs involving major players like Coursera are being defined. An extensive program for start-ups support is also in place with scheduled events for pitch and fund seeking.

Q: Tell me about how you will be participating in Black Hat Europe. What can visitors to the conference expect to see and hear from EIT ICT Labs? What will be the takeaways?

Golic: We wish to convey a message about the role, strategy, and priorities of EIT ICT Labs in the area of cyber security and privacy. At the EIT ICT Labs booth, visitors will see innovative cyber security services of the Communication Valley Reply that were brought to the market with support of the European innovation community. We will demonstrate how the Privacy, Security & Trust Action Line (PST AL) of EIT ICT Labs provides financial and operational support for innovation and business activities aimed at bringing to market innovative ICT products and services in the area of data security and privacy.

The technological solutions presented at Black Hat Europe are in line with the long-term priorities of the EIT ICT Labs PST AL, which are privacy-aware federated ID management and strong authentication; data privacy in online/mobile applications, services, and communications; and protection against malicious software and intrusion detection/prevention on computing devices, especially on mobile platforms.

These priorities are based on the following premises:

  • The current situation in cyber security is unsatisfactory. Namely, the attacks are evolving and multiplying, and their negative impact is a threat that may endanger the growth of ICT business worldwide. Exposure of sensitive data (personal, industrial secrets, etc.) puts at risk people's liberty, jobs, and even lives, as well as property and enterprises. Due to the scale of the problem, the development of efficient defenses by a reactive approach heavily based on human effort may soon become unrealistic and too costly.
  • The current situation in data privacy is very unsatisfactory. One of the main problems is massive user profiling by online service providers which, although being potentially useful, is out of effective control of the users. Another problem is (potential) abuses of surveillance and lawful interception practices which themselves help detect and monitor social threats and criminal or terrorist activities.

Therefore, the PST AL is pushing forward a proactive approach -- that is, address cyber security and privacy by using more secure, trustworthy, and transparent innovative technologies bridging the gaps between available techniques and practice by promoting a "security and privacy by design" paradigm, and by raising social awareness. Application areas such as social networks, e-commerce, e-voting/polls, e-health, smart spaces, smart energy, and mobility, as well as cloud computing, Big Data, and Internet of Things are strongly encouraged.

Q: EIT ICT Labs is a "Platinum Sponsor" of Black Hat Europe 2014. Why is this particular conference such an important part of your marketing program?

Golic: Black Hat Europe is a premium forum for cyber security which attracts an influential audience both from the academic world and industry and both from public and private sectors. The needs for data protection are strong and business opportunities in the area of cyber security and privacy are great and unexploited. A major objective of EIT ICT Labs is to create a community of start-ups, SMEs, and enterprises that are interested in developing and deploying innovative solutions in data security and privacy, thus fostering economic growth and improving quality of life in Europe and worldwide. Being a "Platinum Sponsor" of Black Hat Europe is expected to help us reach that objective.
