Interviews | September 23, 2015

Black Hat Europe Sponsor Interviews: Cylance, Palo Alto Networks, SecureAuth, and Checkmarx

Stuart McClure

Stuart McClure, CEO, president, and founder of Cylance, shares the results of a recent test pitting his protection technology against McAfee, Symantec, and other antivirus software, and why he decided to become a Diamond Sponsor of Black Hat Europe 2015.


Q: Stuart, you recently released your next-generation malware protection. What features does that offer and what are the benefits for your customers?

Stuart McClure: We offer the first real-world application of artificial intelligence to cyber security in order to predictively identify and stop cyber-attacks before they are ever born -- pre-execution. Traditional endpoint security is completely ineffective, noisy, and requires constant signature updates to merely detect the "already-known" threats -- and you can just forget about detecting new or mutated threats. With Cylance's proactive, pre-execution AI approach, you never need to update the product or rely on the cloud for detections, and its nearly invisible footprint results in exponentially reduced support costs.

Q: You won the Excellence Award for Best Emerging Technology at the 2015 SC Awards. That's quite an honor! What do you think you did to deserve such a distinction?

McClure: Artificial intelligence. Our product thinks like an expert reverse engineer but on a massive scale. It does away with all the biases and "gut instincts" inherent in each of us and is able to break malware down to its most basic, DNA-level components. Our approach to the market is also inherently different from other vendors in that the product truly speaks for itself. If we wanted to, we could use all the latest buzzwords like the rest of the industry, but customers have been burned too many times by false promises and overhyped products. SC Magazine picked up on how adamant we are about proving the product's effectiveness in the real world against all other endpoint-protection vendors and, after testing it in their labs, they were believers. We want our customers to be skeptical; it holds us to a higher standard. And when they test it in their environments, they inevitably turn into believers too.

Q: In a recent test that pitted your CYLANCEProtect technology against other antivirus software, you identified and blocked 99% of 2,200 samples versus McAfee's 52%, Symantec's 53%, and Trend Micro's 30%. What is it about your technology that allowed you to best your competitors?

McClure: Cylance's application of AI to security is the real reason for our success. By training computers to think, we allow them to do the heavy lifting of determining if something is "bad" and blocking it in near real-time. We get in the way of execution to never allow anything that is statistically measured as malicious to execute. Essentially, we prevent the entire attack kill chain before it ever starts. So instead of waiting and hoping to catch some indication of compromise or attack, we have predicted it to be bad before it ever started. And because 99%-plus of all attacks use the same old "tried-and-true" techniques, our math models are built on such a broad attack surface area that any new attack that comes out will be prevented, no matter how many ways they try to hide or obfuscate.

Q: Cylance is a Diamond Sponsor of the upcoming Black Hat Europe 2015 Conference. What made you decide to support the conference? What sort of interest are you expecting from the European market?

McClure: Cylance's mission is to protect every endpoint on the planet with our technology. and we believe Europe is a great market to gain quick traction. My previous experiences in the European market have informed me that it's driven by what product or solution is the most effective, not who has the most marketing spend. Europe also has deep concerns about how companies use their customers' data, which makes Cylance a perfect fit. Cylance PROTECT doesn't rely on cloud connectivity to detect and block malware; all of the analysis and decision making happens on the endpoint. The result is a solution that offers exponentially better malware detection without exposing our customers to additional legal risks. Many other solutions are both reactive (rather than preventative) and expose the company to liability from the European Union's additional privacy laws. We believe that once the markets see what we really have, and can prove to them what the rest of the world is quickly learning about us, we will be their first choice for endpoint protection.

Christian Hentschel

Christian Hentschel, Theatre VP Europe, Middle East, and Africa at Palo Alto Networks, talks about the advantages and key features of his next-generation firewall, and why he chose to become a Platinum Sponsor of Black Hat Europe 2015.

Palo Alto Networks

Q: Christian, You just released your new PA-7080 next-generation firewall which is said to eliminate the shortcomings of "legacy products and siloed security architectures." Tell me a little bit about what your new solution does that previous firewalls (those "legacy products") don't do.

Christian Hentschel: The new PA-7080 next-generation firewall provides the power, intelligent scalability, and management simplicity ideally suited for deploying the PA-7080 in large dynamic service delivery networks and data centers that require superior next-generation security performance at scale. The PA-7080 delivers the computing power required to prevent today's modern cyberattacks across all applications and ports, and is derived from a proven architecture that blends ultra-efficient software with nearly 700 function-specific processers for networking, security, content inspection, and management.

Key features include:

  • As added performance and capacity are needed, the PA-7080 will intelligently scale by automatically allocating new computing resources as they are made available when new processing cards are added.
  • To simplify system administration as well as costs, the PA-7080 is managed and licensed as a single unified system. Single system management brings consistency with other Palo Alto Networks appliance deployment while system-wide management means consistent expenditures regardless of how many processing cards are in use.
  • To support critical service provider and enterprise deployments, the PA-7080 is NEBS-compliant, has front-to-back cooling, and AC/DC power supply options as standard features.

Q: At Black Hat USA 2015, you announced a partnership with security startup Tanium, calling it part of "an ongoing evolution" to help partners take advantage of new technologies. Talk to me about that "ongoing evolution" and how is it going to help partners take advantage of your new technologies?

Hentschel: Given the speed and sophistication of modern cyberattacks, prevention technologies must be combined with lightning-fast detection and remediation to truly stay a step ahead of threats. Palo Alto Networks and Tanium will provide an integration that marries the Palo Alto Networks security platform with Tanium's instantaneous endpoint detection and remediation, and enable organizations to fully automate and accelerate the otherwise manual, time-consuming process of threat prevention, detection, and incident response across even the largest and most complex networks.

The Tanium Endpoint Platform will receive malicious indicators identified by Palo Alto Networks WildFire, which are automatically imported into the Tanium IOC Detect module. This relationship between WildFire and Tanium IOC Detect enables security teams to quickly and accurately discover compromised endpoints across the organization within seconds. In addition, as Tanium IOC Detect identifies new indicators of compromise at the endpoint, that intelligence is shared directly with Palo Alto Networks Panorama, which results in automatic delivery of new network-level protections across next-generation firewalls enterprise-wide.

The closed loop approach to prevention, detection, and incident response represented by the strategic alliance between Palo Alto Networks and Tanium will enable our partners to better provide comprehensive cyber-prevention solutions to our mutual customers.

Q: Palo Alto Networks has been talking a lot about prevention – what does this really mean and is it really possible?

Hentschel: "Prevent" is the word that matters in today's threat landscape. Effective prevention of attacks, before they happen, decreases the overall attack surface and makes it much more difficult -- and prohibitively expensive -- for hackers to penetrate an organization's defenses. Detection technologies and incidence response have their place, but it is impossible to keep up with threats if the only answer is to clean up after the attack, when the damage has been done. Prevention is not only possible, but achievable, even against advanced attackers.

It is increasingly obvious legacy technology solutions are not able to protect organizations in this age of sophisticated and aggressive cyberattacks. The Palo Alto Networks Security Platform, combined with sophisticated analysis and enhanced automation, defends against attacks targeting networks, endpoints, and cloud-enabled data centers. With cyber security now a numbers game, it is critical to alter the financial equation so the odds of launching a successful attack are significantly reduced, which dramatically increases the costs for the attacker.

Actionable intelligence is another core element that enables prevention. Security practitioners today receive an overwhelming volume of security data and alerts daily from a variety of tools, vendor feeds, and devices deployed across their organization. This vast pool of information, with little to no context or actionable next steps, makes it difficult to identify the unique, targeted attacks facing an organization, often resulting in missed opportunities to prevent the attack before damage can be done. With AutoFocus, Palo Alto Networks cyberthreat intelligence service, security practitioners have instant access to actionable intelligence based on files collected from global enterprises, service providers, and government organizations. With this context, such as the origin and uniqueness of a particular threat, or relevance to an organization's industry, security teams can significantly close the gap on the time it takes to identify and prevent advanced, targeted cyberattacks.

Palo Alto Networks strategy is to have a high degree of breach-prevention capabilities at every step in the attack life cycle. Our platform provides natively integrated and highly automated breach prevention capabilities that can demonstrably show the benefits of this approach. This is the right platform at the right time in history, as organizations continue look for a better way to solve problems that legacy technologies, point products, and strategies -- based primarily on threat detection and remediation -- cannot.

Q: You chose to become a Platinum Sponsor of Black Hat Europe. How has that worked out for you in the past ... and what are you expecting it will do for Palo Alto this year?

Hentschel: Black Hat has, for a long time now, provided significant opportunity for those from across the security spectrum to engage in discussion and debate around cyber threats and cyber defense. It brings together people from industry and academia, and from across the public and private sectors, enabling this discussion to be a collaborative one that reflects a range of different needs and perspectives. This dialogue is essential in the battle against cyber adversaries where sharing intelligence is essential in providing greater levels of defense against today's complex security threats.

Craig Lund

Craig Lund, CEO of SecureAuth, discusses the results of his recent survey of 500 senior-level IT execs, why peoples' personal medical information is twice as likely to be hacked compared to their financial data, and his best suggestions for how people can protect their information.


Q: Craig, in your recent survey of 500 senior-level IT execs, you asked who did they believe might compromise the company's network ... and 62% said they viewed their employees as their biggest threat. You said that you found those results "both eye-opening and a bit disappointing." How so?

Craig Lund: Our recent survey uncovered a number of results that gave an eye-opening and rather disappointing view of cyber security across the U.S. In our study, we found 39% of organizations use password-only authentication measures, a model regularly exploited by both internal and external attackers. Single-factor authentication is consistently criticized for its lack of security. When you then consider that 62% of companies view employees as their biggest cyber-security threat, it becomes apparent that these organizations are failing to act upon the dangers that lurk within their own walls.

Despite numerous high-profile cyber-attacks this year that featured both intentional and unintentional employee involvement, along with compromised passwords, it's clear that many businesses are simply not taking the necessary precautions. Deploying adaptive and two-factor authentication is the best method to improve their security and detect both internal and external bad actors in their environment.

Q: SecureAuth has said that peoples' personal medical information is twice as likely to be hacked compared to their financial data. That's a surprising statement. Why do you think that's true ... and what can be done about it?

Lund: Partly, it's an economic thing. Unfortunately, with the way many people view cyber security, it means the best and brightest minds will make more money if they focus on protecting the financial sector. Unsurprisingly, this means that, in most cases, your bank will protect your financial data from theft much more effectively than your healthcare provider or insurer protects your most intimate healthcare details.

By its very nature, there's far more information in healthcare data than financial information. It includes names, Social Security numbers, personal history, birth dates, etc. This is a goldmine for "bad actors" who steal healthcare data. They are able to use it to do far more, from setting up fake bank accounts, gaining access to credit cards, stealing identities, or gaining free access to healthcare in the U.S.

It's only since incidents such as the Anthem breach that those in the healthcare industry have re-addressed their cyber-security priorities. Healthcare organizations need to take a lesson from the banking industry, investing in the most innovative cyber-security solutions to ensure that no data at any point within the organizations rely solely on single-factor authentication to gain access to sensitive data. Passwords alone are not enough.

Q: You have some strong opinions about how people can protect their information from being accessed in a time when cyberattacks are all too common. What are your best suggestions?

Lund: In our recent survey, 72% of company IT decision makers said they were confident they had adequate security in place to protect their organization's data from a breach. However, according to the UK Department for Business Innovation and Skills, 90% of organizations in the UK suffered from a data breach last year. This contrast between belief and reality is a stark reminder that organizations aren't taking their cyber security seriously enough.

Organizations need to implement systems that address the problem head on, using stronger methods of adaptive authentication. Risk-based analysis methods like device fingerprinting and user behavior analysis can also provide more in-depth verification of an individual without negatively affecting the end-user experience. It enables suspicious activity or access attempts to be spotted and escalated easily to prevent attackers gaining access to sensitive information.

Q: You made the decision to be a Platinum Sponsor of Black Hat Europe 2015. Why is that an important marketing strategy for you?

Lund: Black Hat is regarded as one of the best cyber-security conferences on the planet. When we attended in 2014, the resulting meetings and conversations we had truly contributed to our growing success in Europe. Based on this success, being a Platinum Sponsor for this year's conference was an important part of our marketing strategy for the year.

Asaph Schulman

Asaph Schulman, VP of marketing at Checkmarx, chats about his enhanced mobile security offering, what Black Hat Europe attendees can hope to learn at the Checkmarx booth, plus the details of the company's hiring spree and future expansion plans.


Q: Asaph, you recently launched your enhanced mobile security offering that is designed to allow developers to deliver secure mobile apps. What would you want developers to know about what your solution does for them -- and how?

Asaph Schulman: The mobile application industry is growing exponentially at an explosive pace, yet security issues of mobile applications are lagging behind. As hacking incidents become more public and businesses impact increases, the evolution of mobile application hacking becomes more rapid both in numbers and in techniques. A research we will be publishing soon shows just how lacking mobile applications are when it comes to Application Security. Checkmarx addresses Mobile Application security at an early stage and enforces secure development practices. Allowing Android, iOS, and Windows developers to scan, validate, and fix their code before it is even built or compiled prevents exposing the application to attacks based on code vulnerabilities which are becoming the main attack vector. Developers using Checkmarx CxSAST for Mobile can seamlessly integrate the solution within their development lifecycle and streamline the vulnerability mitigation without a hassle.

On top of the common desktop, laptop, and server threats, mobile devices deal with a wider risk, being exposed to even more security threats. The risks of third-party keyboards, application permissions, multiple input channels, plain bad authentication or encryption on top of other mobile centric items are new to many developers and, in many cases, not addressed properly. On top of validating known code vulnerabilities, Checkmarx uses smart heuristics to validate that the mobile code does not expose new risk to the application.

Q: You've been on a hiring spree, signing on 80 new employees in Israel and around the world. Are you still on a growth spirt? Talk to me about your expansion plans and what's on the drawing board for Checkmarx.

Schulman: Checkmarx has been in hyper-growth mode for the last several years and we see that trend continuing. We are on a constant hiring spree as we continue to increase delivery of our solutions into new accounts as well as significantly expand within major customers we have that are some of the world's largest software vendors. We are seeing increased awareness of the need for application security at the different stages of the application lifecycle including the development and production stages. With that awareness comes demand at an increasing pace. In order to maintain the high quality and innovative approach our customers have gotten used to, we are continuing to hire great minds all over the world. Our product deliveries include our flagship product -- CxSAST -- for source code analysis, plus our educational solutions for developers (Game of Hacks) and security personnel, and CxRASP, our runtime application security protection solution.

Q: What will your focus be at Black Hat Europe? What can attendees hope to learn when they visit your booth?

Schulman: Our focus is Application security at its earliest stage, how to educate your organizations, and how to provide solutions which will be used to streamline the process of security as an integral part of the development process. We provide visitors with information about the problem, its costs, and how it should be properly addressed. Appsec managers and developers live in constant tension which can be easily resolved by ensuring that developers get to use solutions which are in line with how they normally work and which make their lives easy.

Q: This is your first year as a Gold Sponsor of Black Hat Europe 2015? What made you decide to make the investment?

Schulman: Our market is very competitive and we believe that our solution is the best bet for an organization to solve the problem of source code analysis and general application security. We present and talk at many conferences every year and believe that increased visibility will help us reach more channels, partners, and customers. Being a Gold Sponsor for Black hat Europe is only one step we are taking within a range of many others to increase our visibility in the market.

Sustaining Partners