Interviews | September 23, 2016

Black Hat Europe Sponsor Interviews: BooleBox, NCC Group, and SentinelOne

Valerio Pastore

Valerio Pastore


Q: The market for file sync and share products and services is a fairly crowded one. What is the value-add that BooleBox brings to this space for enterprise customers?

Valerio Pastore: BooleBox has primarily introduced a new level of end-to-end encryption: it actually provides serious security through a full military-grade encryption to secure data beyond perimeter and device-centric controls. In addition to 256-bit Advanced Encryption Standard, BooleBox uses a proprietary algorithm that applies a 2048-bit random encryption key to each file. This type of security is not currently available on such widely used services as Google Drive, Dropbox and Box.

The possibility to settle and use Private Keys represents the core of BooleBox' different approach to security in a cloud service. Only the end user holds the private key, a simple, personally chosen passcode to encrypt and unlock files; these keys can be easily created and managed through BooleBox' intuitive desktop software client or mobile app. In this way, the barrier to adopting encryption is removed, making its security benefits accessible to a larger number of users.

Thanks to BooleBox, data is always encrypted: at rest, in transport and even when in use. But the possibility to work on it and to cooperate with other users, both inside and outside the company, is absolutely not compromised. And this is the ultimate common thread that characterizes both BooleBox Cloud and BooleBox On-Premises. Full audit trails and dynamic access policies work anywhere and everywhere. Permission settings can be set with a high level of granularity and are managed by the creator of the data, not the IT systems administrator. Last but not least, the system can restrict many functions such as copy and paste, and screen capture/video grabbing activities of protected documents.

Q: What exactly is Secure Board? How can organizations benefit from the technology?

Pastore: Secure Board is the perfect answer for all organizations requiring top-levels of protection for their intellectual property and sensitive information. In particular, it can fully satisfy the security requirements of those bodies and authorities inside organizations that need extremely secure tools to protect their data when stored and shared, starting from companies' Boards of Directors.

Secure Board can also guarantee extreme confidentiality and privacy, which are crucial for all enterprises nowadays. What's significant is that our system can guarantee all these security features without compromise on ease-of-use or usability. We make it possible to achieve absolute protection, while ensuring extremely easy access to and quick availability of the files only to authorized users.

All managers adopting Secure Board find it very easy to employ the solution: they can communicate anywhere and at any time, sync and share their data in complete security, without finding any kind of difficulty.

Many quoted enterprises worldwide have already chosen Secure Board for their Management Team or Board of Directors. Law firms, high-tech companies, fashion houses, insurances are just a few instances – anyone who has the primary need to give full protection to their confidential data can turn to our solution. We are actually a leading provider of trusted data centric protection of any company's data and can be proud to serve some of the world's largest businesses.

Q: BooleBox is a Black Hat Europe 2016 Platinum Sponsor. Why is it important for your company to be at the event?

Pastore: Joining Black Hat Europe 2016 as Platinum Sponsor represents a great occasion for visibility for BooleBox. Our participation in this primary IT event, surely one of the most outstanding ones in the whole EMEA region, confirms our company's strategic plans to strengthen our presence in the European market.

Besides Europe, BooleBox has a really strong network of customers all over the world, starting from the Middle East (where we can count on strategic partnerships with prestigious local distributors) to the United States. What we would like to do now and, in particular, what we expect from joining Black Hat Europe 2016 is to lay the foundations for new good opportunities within the European context as well. Our solutions, as a matter of fact, are potentially ideal for every kind of business present in Europe, from small-medium business to structured multinationals, belonging to every industry sector.

Our aim now is to let many other local businesses discover BooleBox' top-secure features and potentialities. And we want to increase BooleBox brand awareness not only by enterprises, but also by distributors and resellers located throughout the local territories.

Black Hat Europe 2016 is therefore for us a precious, unique opportunity to settle new contacts and widen our presence in the huge, promising European framework.

>Ollie Whitehouse

Ollie Whitehouse
Technical Director
NCC Group

NCC Group

Q: In today's threat landscape what is it that companies need to understand about identifying, assessing, mitigating and responding to the risks they face?

Ollie Whitehouse: Companies need to understand that security is not a binary state that is secure or insecure. Instead the requirement is to be resilient to a level, which is appropriate to their risk appetite. Security incidents will happen as part of business as usual and an organization should stop where possible, minimize impact where not and be able to detect, respond and remediate always.

Q: The NCC Group is a Platinum Sponsor of Black Hat Europe 2016. Why is it important being at Black Hat? What do you want people to know about your company at the event?

Whitehouse: Black Hat is an event that a lot of the industry has grown with and as such when it decided to return to the United Kingdom we felt it important to be present in a big way. NCC Group supports many events across the globe and especially in the UK due to our headquarters being based here.

We want people to know whom NCC Group [is] and what makes us tick.

NCC Group is a firm, which has over 1,850 staff over 30 offices across the globe. We have very mature research, engineering and delivery capabilities in both red and blue team professional and managed services along with traditional big-four style risk advisory services. As such it is a very unique place to work due to people who specialize in cyber risk, security and assurance being the lifeblood of the business.

Tomer Weingarten

Tomer Weingarten
CEO & Co-founder

Andy Norton

Andy Norton
Risk Officer – EMEA


Q: Tomer, SentinelOne offers a $1 million ransomware cyber guarantee under which you have agreed to reimburse customers if your technology fails to block or remediate the effects of a ransomware attack. Isn't that risky given the current threat landscape?

Tomer Weingarten: We are under no illusion that we will never pay out on the guarantee—threats are constantly evolving and no product is 100 percent effective. With this guarantee we're not only showing we have confidence in our product but also demonstrating responsibility and commitment to our customers should an attack occur that we are unable to stop or remediate. Security should be a shared responsibility between enterprises and the security vendor community. We're hoping this move spark an industry shift in the way vendors support their customers.

Q: Andy, what is it that enterprises need to know and understand about the ransomware threat considering that it long ago stopped being just a consumer problem?

Andy Norton: Ransomware is a great wake up call for enterprises. Given the prevalence and success of this type of threat, you would hope that enterprises are familiar with the risks posed by ransomware. Ransomware not only challenges the efficacy of enterprise security investments but it also challenges the effectiveness of backup and recovery processes and solutions.

Ransomware is a subtle evolution of threat actor tools, techniques and procedures in a couple of ways. Firstly, it´s extremely visible, a recent history of enterprise defeating payloads, such as Zeus, Dyre and diskless based attacks, typically, are much stealthier and covert in nature, with a goal of the exfiltration of data over long periods, as the common denominator in behaviour.

At the very top level, most enterprise class threats have targeted risks associated with a breach of confidentiality and or integrity. Ransomware targets risks associated with a lack of availability. In addition to expanding the type of risk induced on an enterprise, ransomware also cuts out the middleman in terms of getting paid for infiltration. Many payloads look to resell their data on the dark markets, or operate with other crime gangs to load adverts, send spam or install additional payloads to make money. Ransomware is a direct method for getting paid.

Ransomware is also encountered in the same way that the other stealthier threats get delivered, so if you are seeing ransomware infections in your environment. What are you not seeing?

Finally, ransomware is essentially a destructive payload, we have seen destructive payloads used in combination with stolen credentials to devastating effect at a number of global companies in the past, Shamoon, Dark Seoul and the Sony Pictures breach are infamous "wiper" black swan events. If the bad guys stitch together the tactics we are seeing in Business Email Compromise with ransomware payloads, we could be looking at the next wave of attacks on availability based risk.

Q: Tomer, do you consider next generation endpoint security technologies as being ready to replace traditional AV tools? Or do you see them coexisting for the foreseeable future?

Tomer Weingarten: Yes, next-generation endpoint protection solutions like SentinelOne have been recognized by independent organizations like AV-TEST and Gartner to be a replacement for traditional antivirus software.

It's important to understand though that enterprises aren't simply looking for a replacement to traditional AV, rather they're looking for a solution that fundamentally alters the course they are on relative to cyber attacks. At Black Hat USA, 72% of attendees responded that they expect to be breached within the next 12-months. The lack of confidence in technology is severe.

For decades the endpoint security industry sat stagnant while threats increased in both volume and sophistication. Changing the course requires a more fundamental technology approach, which we now have today through advanced behavioral-based detection and machine learning. History will prove that these new approaches significantly altered the course of security, instilling new confidence in enterprises.

Q: Andy, as a Platinum Sponsor of Black Hat Europe 2016, what is your main messaging going to be at the event?

Andy Norton: We'll continue to focus on the role next-generation endpoint protection will play now and in the future as organizations look to migrate away from traditional antivirus. In the last year there has been a significant shift in acceptance as companies and government organizations are deploying next-generation endpoint protection at scale across hundreds of thousands of endpoints and servers. Our message will focus on easing any concerns people may have in the transition and addressing questions organizations may have on how best to prepare for a migration.

Sustaining Partners